
Re: Wikipedia and Tor - a solution in the works?



On 10/30/05, Matthias Fischmann <fis@xxxxxxxxxxxxxxxxx> wrote:
> this is where nym comes in.  it hides the IP address from wikipedia,
> replacing it with a token that is exactly as hard to obtain as an IP
> address, but detached from the user's real identity.  the
> authentication server knows which IP address gets a token, and that no
> IP address gets more than one token, but doesn't know the mapping
> between IP addresses and tokens.  wikipedia can only see tokens, but
> no IP addresses (except those of tor nodes), but trusts the
> authentication server not to issue several tokens to the same address.

I don't really see how nym provides the security that was talked about by Mr. Wales, with the authentication server and the trusted cloud.  It is really an entirely different solution.  But more importantly, nym, as I understand it, doesn't provide the same security as using the IP address directly.  Nym doesn't provide you with a token showing that you have a unique IP address, it provides you with a token showing that - at some point in the past - you had a unique IP address.

I'm not sure when, if ever, tokens and certificates are supposed to expire, but between expirations if you happen to be using an IP address which was used by someone else to obtain a token (or, furthermore, if you simply have lost the certificate you obtained for yourself), then you can't obtain a token, and therefore can't obtain a certificate.  Furthermore, it would be rather trivial for anyone on an account which uses dynamic IP addresses to build up a huge assortment of valid certificates, which could be used later if one of them becomes invalid, and in fact such selfish behavior would inherently destroy the system, as major ISPs would have a scarce supply of tokens available.

Finally, the anonymity only increases as more people use the system (and in fact would be completely unacceptable for anything but the most trivial of protections without a significant number of users), and usability decreases as more people use the system (for the reasons above).

I'm not even going to get into what would happen if someone manages to spoof IP addresses to the token server.  This is arguably a problem with Wikipedia's current system anyway, though on a more temporary basis.  Same thing with IPv6.

> if wikipedia is unhappy with a user, it bans that user's token (with
> the same effect as banning an IP address if there was no tor network).

Effectively banning the IP address *forever*.  Yes, you could add an expiration on the certificate to allow someone to obtain a new token after a certain period of time, but the shorter you make the period of time, the less the anonymity you're providing (and the less useful the block).

Anthony
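
A small model of the scheme discussed in this message, added here as an example (it is not code from nym or from either poster). It assumes issuance uses an RSA blind signature, which the thread does not state; the toy key, class names and addresses are constructed. It shows the server signing a token it never sees, and the one-token-per-address limits raised above.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key from two Mersenne primes: illustration only, not secure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class TokenServer:
    """Knows which IPs were served, never sees the unblinded token."""
    def __init__(self):
        self.seen_ips = set()
    def sign_blinded(self, ip: str, blinded: int):
        if ip in self.seen_ips:          # one token per address, ever
            return None
        self.seen_ips.add(ip)
        return pow(blinded, D, N)

class Site:
    """Sees tokens and signatures only, never the client address."""
    def __init__(self):
        self.banned = set()
    def accept(self, token: bytes, sig: int) -> bool:
        return pow(sig, E, N) == digest(token) and token not in self.banned

def request_token(server: TokenServer, ip: str):
    token = secrets.token_bytes(16)
    r = 0
    while gcd(r, N) != 1:                # blinding factor must be invertible
        r = secrets.randbelow(N - 2) + 2
    signed = server.sign_blinded(ip, digest(token) * pow(r, E, N) % N)
    if signed is None:
        return None
    return token, signed * pow(r, -1, N) % N   # unblind: digest(token)^D mod N

def demo():
    server, site = TokenServer(), Site()
    # One subscriber whose ISP hands out three addresses over time (constructed).
    pool = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    held = [request_token(server, ip) for ip in pool]
    site.banned.add(held[0][0])          # the site bans one token
    still_valid = sum(site.accept(t, s) for t, s in held)
    # A different subscriber is later assigned one of those addresses.
    newcomer = request_token(server, pool[1])
    return still_valid, newcomer

if __name__ == "__main__":
    print(demo())
```
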