----- Forwarded message from "Roy M. Silvernail" <roy@xxxxxxxxxxxxxxxx> ----- From: "Roy M. Silvernail" <roy@xxxxxxxxxxxxxxxx> Date: Wed, 28 Sep 2005 09:26:55 -0400 To: cypherpunks@xxxxxxxx Subject: Re: [cyphrpunk@xxxxxxxxx: Re: Hello directly from Jimbo at Wikipedia] User-Agent: Internet Messaging Program (IMP) 3.2.8 > ----- Forwarded message from cypherpunk <cyphrpunk@xxxxxxxxx> ----- > > From: cypherpunk <cyphrpunk@xxxxxxxxx> > Subject: Re: Hello directly from Jimbo at Wikipedia > As an occasional Tor and Wikipedia user, let me add a couple of points. > > First, in case it is not obvious, the problem with the present system > is that Tor users can no longer edit on Wikipedia. I have done so in > the past, in what I like to think is a constructive manner, but cannot > do so since this summer. I have valid although perhaps unpopular > contributions to make, and not only is my freedom to express myself > limited, the quality of the material on Wikipedia suffers due to the > absence of my perspective. The status quo is not acceptable and we > should work to find a solution. Leaving aside the qualitative discussion, let's remember that the freedom to express onesself does not imply the obligation for any other party to listen. > Looking at the proposals for authentication servers and such, I see a > major issue which is not being addressed. That is, how does the web > server distinguish "authenticated" Tor users from unathenticated ones? > If this is via a complicated protocol, there is no point as the > servers won't use it. The problem at hand does not require "authenticated" Tor users. It requires authenticated Wikipedia users. > This does not necessarily mean building complex authentication > protocols into the Tor network, and having two classes of traffic > flowing around. It could be that this authenticated Tor is a separate > network. It only lets users in who are authenticated, and owns a > specific set of IP addresses which servers can whitelist. The regular > Tor exit nodes can be blacklisted as they are now. Tor is transport layer. Authentication for a specific service (such as Wikipedia) is the responsibility of that service and belongs in the session layer. An authenticated network and an anonymizing network are mutually exclusive. > What does Wikipedia need? What is the minimum level of service they > require? Presumably, it is similar to what they can get via ISPs, who > also map many users to a fixed set of IP addresses. Wikipedia can > complain to the ISP, and it will get back in some form to that user. No, Wikipedia needs to realize that the IP address correlation they enjoy outside of Tor is a happy accident, and that they should stop treating IP addressess as user credentials. If they want credentials, they need to implement them. -- Roy M. Silvernail is roy@xxxxxxxxxxxxxxxx, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Attachment:
signature.asc
Description: Digital signature