[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] CloudFlare

To: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Subject: Re: [tor-talk] CloudFlare
From: Matthew Finkel <matthew.finkel@xxxxxxxxx>
Date: Fri, 19 Apr 2013 02:53:17 +0000
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Apr 2013 22:53:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=dDhWP6Tfo59voq9f3K9OVK5q1O+/kSBfmygT3ozQFds=; b=oBp5NKqy62iX5tZdWz69Xw+q4S3i2Sxwg3Luu/BSlVMRx3JwqfDc0hEt9PJUZ+zFcK rlb207CBASed0W6iUCGoLKeNIBFQNIz++Ug/BsXAiLm1BDwvAJ/3skpsrb1hAeBmiQOF FHPy6i6dLd7gmIUUXlA9wwJMzTzs+/nTYAZhLpvnpLOa2fpJx1SwlWi6vg2iGq4m69d4 DYfblPLytjKoPEszm/pvPlS1ALZv52owjGOZE6N755NqSPWlfahYDZkm+ZG13yTwzCKu zuTDYD7kaxJA8Txl4oiq9eX7pVEHVHhEA/Dd/nUk054P9UJC7vZfW7UGSeCr4RA9RE3a QZDA==
In-reply-to: <51706C32.4050305@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAD2Ti29sL5hA2qhCjDNn6cfppBFzO5FiuoZ8GOrb4SQbhGxQNg@xxxxxxxxxxxxxx> <CADgVO6wLULK9jUYFVKrEL_G7Z2Xe+jCaHz3mFxDz5mpRMmRRJQ@xxxxxxxxxxxxxx> <20130418200123.GA2774@localhost> <51706C32.4050305@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Apr 18, 2013 at 09:57:06PM +0000, Jacob Appelbaum wrote:
> Matthew Finkel:
> > On Thu, Apr 18, 2013 at 09:01:21AM +0000, Matt Pagan wrote:
> >>> They're based in San Francisco, along with Craigslist (which
> >>> is another misguided arbitrary blocker of Tor exits).
> >>> Any other SF based companies that could benefit from
> >>> a visit or hackerspace talk about why they should not
> >>> be blocking Tor?
> >>
> >> Yelp is based in San Francisco. So is Pinterest. Getting the Wikimedia
> >> Foundation (also based in San Francisco) to come over would be a huge
> >> victory, IMO.
> >>
> > 
> > Wikimedia is actually willing to discuss an alternative setup if a
> > usable one is found. Their current implementation is not really
> > acceptable, but there also isn't really a working/implemented alternative
> > solution, at this point (and it's not exactly at the top of their list
> > to implement their own).
> 
> I was involved in writing the DNSBulkExitList program specifically for
> Wikipedia at the request of Tim S. At the time, I believe that it was
> better than simply blocking every Tor node - it only blocks exit nodes
> that allow exiting to Wikipedia.
> 

Interesting, I assume this was before Onionoo was around. I understand
why it was/is necessary.

> It is possible to request a special flag on a Wikipedia account that is
> granted by way of some special handshake. It is possible to take an
> already created account and use it for edits as the flag overrides the
> Tor block.
> 

Yes, and it's a good solution, assuming one already has an account. The
real issue is creating an account anonymously and then gaining the
privilege to edit with that account...and...

> A workable solution would be to continue to use such a list to detect
> Tor usage and then to ensure that we now allow new accounts to be
> created over Tor. The MediaWiki should ensure that HSTS is sent to the
> user and that the user only ever uses HTTPS to connect to Wikipedia.
> 

Yes, I completely agree.

> I think we should ensure that Wikipedia understands that the account was
> created with Tor and that the user may be using this to circumvent
> censorship, to protect what they are reading or editing from their local
> network censors or surveillance regime as well as to protect IP address
> information that the US currently doesn't really protect (see USA vs.
> Appelbaum; re: my Twitter case). Since the US can see a lot of the
> traffic to Wikipedia, I'd guess that this is important worldwide.
> 

Again, I agree.

> If the user is abusive and an IP block would normally apply, Wikipedia
> would not block by IP but would rather use the normal Wikipedia process
> to resolve disputes (in edits, discussions, etc) and if the account is
> just being used for automated jerk behavior, I think it would be
> reasonable to lock the account, perhaps even forcing the user to solve a
> captcha, or whatever other process is used when accounts are abused in
> an automated fashion.
> 

The fear associated with taking this path is that there will be an
overwhelming amount of "jerk behavior" such that it overwhelms the
wikipedia community and therefore discourages volunteers from actually
reviewing edits. The correct course of action is a difficult problem
(which is why this is likely still unsolved). It may be good to also
have a trial period where the user must submit x number of edits that
are not-deemed-to-be-jerk-behavior before they will be able to edit the
live page, just a thought though.

> Most of that isn't technical - it is a matter of accepting that some of
> us are not free. Some of us who are not free require systems like Tor to
> participate in the Free Culture community curated by the Wikipedia
> community on Wikipedia. Some of us will then be free to be part of that
> community and perhaps, if we work smartly, other freedoms will follow
> from the knowledge of the community.
> 
> All the best,
> Jacob

I think people (in general) lose sight of this, often, and it's important
that we remember why we do what we do, whether supporting a free and
uncensored internet (and world) or supporting a site that provides a
wealth of content not (freely) accessable anywhere else.

With respect to the WikiMedia and Tor communities, it seems as if both
are, understandably, more concerning with furthering their cause than
figuring out a way to work together (not necessarily the devs of the
projects, but the communities as a whole). However, as far as I can tell,
if we're both going to be successful in our goals, we're going to need
to be able to cooperate and determine a solution that fulfills the needs
of both groups - at this point it feels as if Tor users prefer to single
out WikiMedia as not being Tor friendly and the WikiMedia community
doesn't see the benefit of allowing Tor users to contribute (yes, these
are harsh generalizations, sorry).

I really think a solution would be a considerable benefit to everyone.

- Matt
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] CloudFlare
  - From: Jacob Appelbaum

References:
- [tor-talk] CloudFlare
  - From: grarpamp
- Re: [tor-talk] CloudFlare
  - From: Matt Pagan
- Re: [tor-talk] CloudFlare
  - From: Matthew Finkel
- Re: [tor-talk] CloudFlare
  - From: Jacob Appelbaum

Prev by Author: Re: [tor-talk] CloudFlare
Next by Author: Re: [tor-talk] CloudFlare
Previous by thread: Re: [tor-talk] CloudFlare
Next by thread: Re: [tor-talk] CloudFlare
Index(es):
- Author
- Thread