[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hello directly from Jimbo at Wikipedia



In case it was not painfully obvious, I posted two very critical
messages about the policy of Wikipedia with respect to Tor nodes.  I
sent one of these messages in April and another just a few hours ago.

I apologize for my tone in these messages.  I contributed nothing
of constructive value, and if I accomplished anything it was only to
further polarize the community around the two perspectives.  I have
neither the intellect nor the disposition to be as level-headed about
this as I would like to be, but I will try.

I would like to make clear that what I intended to say was that as
a researcher in the area of Internet transport, I believe that Tor is a
crucial first step to achieving location-independence for Internet
peers.  I believe in location-independence to the extent that I would
like to see every host on the Internet have the ability to communicate
without revealing its network address.  Since my research specifically
revolves around using Tor to achieve location-independence, I tend to
become overly frustrated when the providers of vital Internet services
impose restrictions that may reduce support for Tor among developers and
the general public.

We ARE on the same side.  I don't think that anyone on this list would
question that Roger, Nick, and Jimbo have all worked hard to make the
world a better place, and that to a significant extent, their visions of
a better world have already been achieved as a result of their efforts.

In the absence of a better solution, I am glad that Wikipedia blocks Tor
nodes, since otherwise the world would quickly lose an important
resource (and Tor would be blamed).  In particular, the continued
success of the Wikipedia project depends upon articles being accurate
and unvandalized, and all potential threats to this goal may rightly be
considered suspect.  What worries me is that as of now we have not yet
ensured that users seeking location-independence would be able to edit
Wikipedia articles like everyone else.  I do not view the use of Tor as
a form of "lurking in shadows"; I think that it represents a happier
future in which the use of network-layer addresses to censor the
activity of Internet peers is difficult or impossible.

It is not necessary to build a user-authentication mechanism into Tor.
For example, any third party can build a proxy accessible via Tor that
provides authentication considered suitable by Wikipedia, and clients
can use that proxy when they want to edit Wikipedia articles.  A similar
approach that has been widely discussed was to build an authentication
mechanism into Wikipedia that would be used only for clients contacting
Wikipedia via hosts that would otherwise be filtered.

The problem with these two potential solutions is that we still do not
have a good idea of what kinds of authentication would actually work.
For example, it may be undesirable to use credit card numbers or
referrals from existing users.  Wikipedia seeks to achieve a certain
degree of openness and availability to contributors, and it would seem
that mechanisms that authenticate and verify pose a threat to this
openness and availability.

Might it be possible to come up with a list of technical desiderata for
a potential end-to-end Wikipedia access policy?  It is my feeling that
if we consider the requirements carefully, we will be able to devise a
solution that satisfies all of our constraints.

Geoff

On Tue, Sep 27, 2005 at 01:46:13PM -0400, Jimmy Wales wrote:
> I'd like to say thanks for the invitation to join this dialogue.
> 
> Let me tell you what I love.  I love the Chinese dissident who wants to
> work on Wikipedia articles in safety.  I love that Wikipedia is an open
> platform that allows people to have that voice, and that we can have a
> positive impact on the world in large part because we don't bow to
> censorship and we are willing to reach out and work with people like Tor
> to empower individuals to speak, no matter what sort of oppressive
> conditions they face.
> 
> WE ARE ON THE SAME SIDE.
> 
> So it always dismays me to see conversations like this, and I think that
> at least some cooler heads here will understand why I get frustrated and
> why I make no apologizes for characterizing at least some people in the
> Tor community as being irresponsible.
> 
> "I share frustrations that the statements attributed to Jimmy Wales in
> the record below and in previous messages seem to show some fundamental
> misunderstandings and willful ignorance of Tor, and more broadly of
> identity, identifiers, reputation, authentication, etc. in open
> network communications"
> 
> Willful ignorance?  Not at all.  What I know is that we are forced to
> block Tor servers regularly due to persistent vandalism.  That's a sad
> fact to me.  It's a difficult thing for those of us who are serious
> about these issues.  But the really sad thing is when elements of the
> Tor community are not willing to face up to this as a legitimate and
> difficult problem.
> 
> "everyone is so worried about it, but has any one ever been successfully
> been able to use tor to effectively spam anyone?"
> 
> Yes, of course!  We deal with it constantly.  We have an effective means
> of dealing with it: we block Tor servers from editing wikipedia.  But is
> that what any of us want?
> 
> "Misbehaviour is in the eye of the observer, however."
> 
> No, actually it isn't.  There is such a thing as objectively
> identifiable malicious behavior.  We aren't Chinese censors here.  We're
> the good guys.  We want to work with you.
> 
> Yes, we could implement tight security to only allow people who identify
> themselves (perhaps we'll require a credit card number, someone
> suggests?)... but *cough*, aren't we supposed to care about privacy here?
> 
> --Jimbo

Attachment: signature.asc
Description: Digital signature