Hello directly from Jimbo at Wikipedia

Jeffrey F. Bloss jbloss at tampabay.rr.com
Fri Sep 30 19:25:57 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 29 September 2005 07:49 am, Jimmy Wales wrote:
> Jeffrey F. Bloss wrote:
> > I was operating under the assumption that the problem was more along the
> > lines of nefarious juveniles selectively posting "Kilroy was here"
> > graffiti. Something along those lines. If I'm out in left field about the
> > nature of the attack against Wikipedia, I'd be happy to be corrected, and
> > forced to agree that HashCash would be unsuitable.
>
> I have no opinion about HashCash just yet.  I have to think about it
> some more.

I'll say up front that it would place the burden entirely on you, and your 
users. You would be solely responsible for authenticating tokens, and your 
anonymous users would be responsible for generating them. That could be both 
a deterrent to abusers, as well as a deterrent to some "good" users. There's 
no offloading of anything to third parties. Everyone does some work. ;)

I've seen a lot of chat about "nym" creation being done by a third party. The 
biggest fly in the proverbial ointment is how to prevent nefarious users from 
collecting many nyms, or collecting them in succession as previous nyms are 
trash canned, without identifying individual users. You *must* know where a 
key is being sent to restrict its destination to "good" users. That, or a 
user has to solve some "puzzle". At this point you're back to the same 
solution/problem/scenario HashCash offers. I'd say that in a pure sense it 
would be better to go with HashCash or a similar solution, and perserve 
strict anonymity.

That's something to consider.

In its purest sense anonymity is there to protect that one in a million 
"Chinese dissident" who wants to post information on the metaphorical raping 
of Chinese citizens by their government. A "good enough" solution that incurs 
any weakening of anonymity on users may thwart the BadGuys(tm) and not impact 
the average Joe in any significant way, but actually be exploitable by an 
attacker as well funded and powerful as the Chinese government. They *do* 
have the ability to analyze traffic with some competence, so any inherent 
partitioning problems your solution has might be magnified.

> What is problematic is the lunatic on crack and steriods who is
> selectively posting "Kilroy sucked your mothers cock" graffiti,
> obsessively, hundreds of times.  

See, now this is where I think something like Hashcash might shine. If you 
were to require anonymous users to spend even a couple minutes time 
generating a token for each and every edit, I'd wager 99.999% of these idiots 
would evaporate. It's not so much designed to keep that occasional 
disgruntled pre-teen from diddling a page or two as much as it is a tool to 
make repeated and systematic abuse by moderately dedicated individuals so 
time consuming that they just give up.

The nym/puzzle scenario would accomplish the same thing in practice, and be a 
little easier for your "good" anonymous users,  but the exchange of a key is 
a problem to real anonymity, even if it is a very slight one. 

> I am not an expert on ideas like HashCah or anything of the sort.  

I'm not an expert on much of anything. ;) I'm definitely not a cryptographer 
or mathematics guru, and I don't know a whole lot about implementing security 
in software outside my long ago military experience. I do have a lot of 
experience with anonymity both as a user, and as an admin from clear back in 
the FIDO/RIME days. I feel I have a fairly good grasp of the practical side 
of the animal, but I'm far from a useful technition here. You should take 
that into consideration, and rely on the experts accordingly. ;)

> So the _degree_ of trust we need is actually quite small.  It isn't "We
> certify this person to be a certain user, guaranteed, the same as ever".

I just can't get over having a problem with that. If you're "isolating" 
someone, even an anonymous entity, that entity becomes recognizable rather 
that part of a indistinguishable whole. It just rubs my fur the wrong way. 
Might be unfounded paranoia, might not...

I firmly believe it might be better to stay away from a classical nym solution 
if possible. In the real world, our Chinese dissident might find themselves 
in deep poo for holding the nym keys, while the ephemeral nature of something 
like self-minted digital cash might shield them to some degree.

Thanks again for taking the time by the way. Refreshing in deed. :)

- -- 
Hand crafted on September 30, 2005 at 14:37:38 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
                                  -Groucho Marx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDPZFKRHqalLqKnCkRAr8IAJ9pr5eU9Ro1GxpF4/TfCdPQn1CaQQCfWJ/H
7y7lPb3qsdD5LhdhkO+V/Rs=
=ES3s
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list