[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Hello directly from Jimbo at Wikipedia
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 29 September 2005 07:49 am, Jimmy Wales wrote:
> Jeffrey F. Bloss wrote:
> > I was operating under the assumption that the problem was more along the
> > lines of nefarious juveniles selectively posting "Kilroy was here"
> > graffiti. Something along those lines. If I'm out in left field about the
> > nature of the attack against Wikipedia, I'd be happy to be corrected, and
> > forced to agree that HashCash would be unsuitable.
> I have no opinion about HashCash just yet. I have to think about it
> some more.
I'll say up front that it would place the burden entirely on you, and your
users. You would be solely responsible for authenticating tokens, and your
anonymous users would be responsible for generating them. That could be both
a deterrent to abusers, as well as a deterrent to some "good" users. There's
no offloading of anything to third parties. Everyone does some work. ;)
I've seen a lot of chat about "nym" creation being done by a third party. The
biggest fly in the proverbial ointment is how to prevent nefarious users from
collecting many nyms, or collecting them in succession as previous nyms are
trash canned, without identifying individual users. You *must* know where a
key is being sent to restrict its destination to "good" users. That, or a
user has to solve some "puzzle". At this point you're back to the same
solution/problem/scenario HashCash offers. I'd say that in a pure sense it
would be better to go with HashCash or a similar solution, and perserve
That's something to consider.
In its purest sense anonymity is there to protect that one in a million
"Chinese dissident" who wants to post information on the metaphorical raping
of Chinese citizens by their government. A "good enough" solution that incurs
any weakening of anonymity on users may thwart the BadGuys(tm) and not impact
the average Joe in any significant way, but actually be exploitable by an
attacker as well funded and powerful as the Chinese government. They *do*
have the ability to analyze traffic with some competence, so any inherent
partitioning problems your solution has might be magnified.
> What is problematic is the lunatic on crack and steriods who is
> selectively posting "Kilroy sucked your mothers cock" graffiti,
> obsessively, hundreds of times.
See, now this is where I think something like Hashcash might shine. If you
were to require anonymous users to spend even a couple minutes time
generating a token for each and every edit, I'd wager 99.999% of these idiots
would evaporate. It's not so much designed to keep that occasional
disgruntled pre-teen from diddling a page or two as much as it is a tool to
make repeated and systematic abuse by moderately dedicated individuals so
time consuming that they just give up.
The nym/puzzle scenario would accomplish the same thing in practice, and be a
little easier for your "good" anonymous users, but the exchange of a key is
a problem to real anonymity, even if it is a very slight one.
> I am not an expert on ideas like HashCah or anything of the sort.
I'm not an expert on much of anything. ;) I'm definitely not a cryptographer
or mathematics guru, and I don't know a whole lot about implementing security
in software outside my long ago military experience. I do have a lot of
experience with anonymity both as a user, and as an admin from clear back in
the FIDO/RIME days. I feel I have a fairly good grasp of the practical side
of the animal, but I'm far from a useful technition here. You should take
that into consideration, and rely on the experts accordingly. ;)
> So the _degree_ of trust we need is actually quite small. It isn't "We
> certify this person to be a certain user, guaranteed, the same as ever".
I just can't get over having a problem with that. If you're "isolating"
someone, even an anonymous entity, that entity becomes recognizable rather
that part of a indistinguishable whole. It just rubs my fur the wrong way.
Might be unfounded paranoia, might not...
I firmly believe it might be better to stay away from a classical nym solution
if possible. In the real world, our Chinese dissident might find themselves
in deep poo for holding the nym keys, while the ephemeral nature of something
like self-minted digital cash might shield them to some degree.
Thanks again for taking the time by the way. Refreshing in deed. :)
Hand crafted on September 30, 2005 at 14:37:38 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----