[tor-talk] Wikimedia and Tor

Derric Atzrott datzrott at alizeepathology.com
Wed Oct 1 13:57:22 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good day all,

About once a year the topic of Tor comes up on Wikimedia's technical mailing
list.  I recently raised the topic again.  For those who aren't aware of the
situation, currently Wikimedia blocks all edits from Tor users.  We are trying
to find a way that it might be possible for us to lift that block, while not
exposing ourselves to the abuse that seems to inevitably come from Tor and
other proxy services.

The biggest concern that I have seen is how do we prevent sock puppets.  It
seems that when Tor was unblocked it was regularly used by people who had been
blocked from editing to evade those blocks.  There have been a couple of ideas
thrown around in the past, but most of them have some sort of objection.

I was curious if any of you here might have any ideas?  How can we verify that
a person is who they say they are, and block them if they are abusive in such
a way that it is at least difficult for them to evade the block, but that does
not impose a requirement so high as to be prohibitive to those who aren't
causing issues?

We've thought about setting up infrastructure for Nymble, but that would
require Tor users to expose their IP address in order to get a Nymble token.
We have also thought about blind signing certificates which are then used to
verify a person is the same as before, but it would be trivially easy for
someone to get a new one.  We've thought about putting all Tor edits into a
review queue, but that imposes too high a cost on our other volunteers.
Fingerprinting Tor users seems both unethical and difficult, requiring some
form of donation seems unethical, difficult, and possibly illegal, and
requiring accounts to be created without Tor exposes Tor user's IP addresses.

We really don't want to collect private information from Tor users like phone
numbers, government IDs, etc. as that information isn't collected for anyone
else and seems especially sensitive for Tor users.

A more personal note, this email is being sent from my work email address as
I use it for list subscriptions (I spent 12 hours a day at work or commuting
so this makes lists much easier to keep up on), but I will be signing my emails
with my personal PGP key and any off-list messages to me should probably be
directed there.

Additionally it should be noted that I have a passing familiarity with Tor as
both a user and recently became an exit relay operator, though if I missed
something blindly obvious, definitely please point it out to me!

Thank you,
Derric Atzrott
User:Zellfaze on English Wikipedia
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFULAfzRHoDdZBwKDgRAp8NAJ9H9Ap6BRVhpLr0TOS5Nf2gGAkBKgCeMiUX
mPgZEd/DXE876lE0l6nmTIM=
=Gavh
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (MingW32)

mQGiBFQZiyYRBACLtvclV0jwo/9suqLjfAQZNRD6wUSxBG+7WDXsFUH8lqkZvW3G
y/NvBUzHhBzyCAYvtISANk3d9MX+zjd7moSFDLmqe/bGcjBP/2v2bnQYtPUzVyCl
vBUUnSxk9Ike9irS9TBCa13Chr1/DMVS8K1AWtboFjU2lTnbIGwWLrZ8ywCguXSe
S34fksoMEdozjhz3GMz3Kn8D/3U0IpNu4cu+SYpmwGUO6pFgwa5LiR98HmoXONhC
0I9Vz1i6yiro2+t/VAIx7F6k+/nBJ4uJcVQ/RG0BZv+oDK+avcRu9i8ReV6e6kJc
gFYOCR/yrT4UNkr33XpI6T7B4xu8dZJriAVHDhRJlbdz49bZs+9U7w4xSqdudV42
ritVA/oCQ3tGtenR+9S2ukxz2h1y8qBTtvCgRhKpbY7elXRcEaULpyg6Lb3iZhPd
NL82ypNmHPMJtS2K5Th49o4HoAfCXvW3DdTTddpk/ga8fia28KPqbvHbtoCTBe+7
ObQlMC6IRro6UzSTjdf5t3Ftvmxs5Ro1j7EP5z/cs5CWr+MSQrQmRGVycmljIEF0
enJvdHQgPHplbGxmYXplQHplbGxmYXplLm9yZz6IYwQTEQIAIwUCVBmLJgUJAeCv
nAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEER6A3WQcCg4a20AoKp9hGsfG/ig
9LJ0LKnoZ68lOJuNAJ0W6GmuKMFTTvYQFM58Eqwt7ye1I4hGBBARAgAGBQJUGYwE
AAoJEIYsJh133xw698YAnRhbb6Bur9XGQg8hmvxysK2HfbnOAJ0QA1gEjRkihn2I
YUo6KGHYEp/pg7kBDQRUGYsnEAQAurNRbriy6Skx3QdvpXuqs+MHTzxFdf3p2gOe
R/7Z2Uw5ufJI6fmW5S+altaaGS48YiW9pCxmSEGZi0aPV+3scLrUVMiYOE0v/kRG
rrhYSV4onnDb0Okr4vDj5EZJxYEVKu/XXve6RrEXUHmiwZxmT8LFErmtTcNK1p2W
kfn8zzMAAwUD/3yQHJr0a29D7AXnezVH9iOPm0uQv80LBTTcLIErboltt+C3rNNN
HkhlCHFDz85Sd2ZZ+yAH7Zep5Mt1SC1dj1mWMCzi8zFn6zSYxCbQfvTIoKsTxD/X
G8ATkzXDfLJAQ/WasQHZzC734XpJpb8l+B89SKx66BXqDux/D16spvBYiEwEGBEC
AAwFAlQZiycFCQHgr5wACgkQRHoDdZBwKDijhwCeLzma3BX6Ax8PLyV7wN7lMO/q
/XoAnRv2sTX1mT4tvO1k/a3FxEPWHN9o
=/It2
-----END PGP PUBLIC KEY BLOCK-----



More information about the tor-talk mailing list