
Re: Wikipedia and Tor - a solution in the works?




On Mon, 31 Oct 2005, Matthias Fischmann wrote:
> nym (and in any other IMHO reasonable architecture) is based on the
> idea that a user provides some credential like an IP address or
> (slightly more effective) an e-mail address that is hard to replicate
> in huge amounts.

If we're talking about pseudonymity in general, the most natural formulation is that nyms are merely unforgeable. So for example, Lucky Green has a published PGP key, and an excellent reputation under his pseudonym.


Wikipedia is willing to permit pseudonyms issued under an ideal constraint of 1-per-person, which they approximate using IP addresses.


> this is where nym comes in.  it hides the IP address from wikipedia,
> replacing it with a token that is exactly as hard to obtain as an IP
> address, but detached from the user's real identity.  the
> authentication server knows which IP address gets a token, and that no
> IP address gets more than one token, but doesn't know the mapping
> between IP addresses and tokens.  wikipedia can only see tokens, but
> no IP addresses (except those of tor nodes), but trusts the
> authentication server not to issue several tokens to the same address.

Quite correct. (Well, nym assumes you'll trade your token for a more convenient client certificate, but it's basically isomorphic since tokens map 1-to-1 with certificates).



> if wikipedia is unhappy with a user, it bans that user's token (with
> the same effect as banning an IP address if there was no tor network).
> if a blog site is perfectly happy with that same user, that site
> doesn't ban her token, and she can keep blogging like mad, until she
> gets banned here, too.  the authentication server is not involved in
> the punishment and excommunication on either site at all.  its only
> job is to detach identifying and anonymous credentials in a way that
> makes sybil attacks hard.

A reasonable proposition, although other configurations are possible. Each service can run its own token/CA servers, or they can aggregate. Aggregation is good for user privacy, isolation is good for control (e.g., wikipedia can tell the token server not to hand tokens to already-banned IPs).



> as i understand the architectures anthony and cypherpunk propose, it
> doesn't have these properties.  nym does.

Cyphrpunk proposes using the more recent credential architectures which reduce inter-transaction linkability without compromising server ability to ban. They're really neat, but complicated and patent encumbered.


					-J
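
Added example, not part of the original message and not nym's own code: a sketch of the token flow described in the quoted text, where the token server sees IP addresses but not tokens and each site sees tokens but not IP addresses. It assumes textbook RSA blind signatures as the unlinking mechanism; the toy key, class names and sample IP address are constructed for illustration.

```python
import hashlib, secrets
from math import gcd

# Constructed toy RSA key: two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the token server

def digest(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class TokenServer:
    """Sees client IPs and blinded values only; signs once per IP."""
    def __init__(self):
        self.seen = {}  # ip -> blinded value: everything the server can log
    def sign_blinded(self, ip: str, blinded: int) -> int:
        if ip in self.seen:
            raise PermissionError("one token per IP address")
        self.seen[ip] = blinded
        return pow(blinded, D, N)

class Client:
    def __init__(self):
        self.token = secrets.token_bytes(16)
        self.r = secrets.randbelow(N - 2) + 2  # blinding factor, kept secret
        while gcd(self.r, N) != 1:
            self.r = secrets.randbelow(N - 2) + 2
    def blind(self) -> int:
        return digest(self.token) * pow(self.r, E, N) % N
    def unblind(self, blind_sig: int) -> int:
        return blind_sig * pow(self.r, -1, N) % N

class Site:
    """Sees tokens and signatures arriving over Tor, never the client IP."""
    def __init__(self):
        self.banned = set()
    def accepts(self, token: bytes, sig: int) -> bool:
        return token not in self.banned and pow(sig, E, N) == digest(token)

def demo() -> dict:
    server, wiki, blog, user = TokenServer(), Site(), Site(), Client()
    ip = "198.51.100.7"  # constructed address from the documentation range
    sig = user.unblind(server.sign_blinded(ip, user.blind()))
    before = wiki.accepts(user.token, sig)
    wiki.banned.add(user.token)  # wikipedia bans the token, not an IP
    return {"before": before, "after": wiki.accepts(user.token, sig),
            "blog": blog.accepts(user.token, sig),
            "server_saw_token": server.seen[ip] == digest(user.token)}
```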