[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Voting for nym

On Thu, 1 Dec 2005, Roger Dingledine wrote:

On Fri, Dec 02, 2005 at 12:51:21AM +0000, Jason Holt wrote:
Rather than the elected Wikipedia officials deciding on proposals directly,
the modus operandi seems to be to take a vote among the users.

Hi Jason,

Can you walk us through the trade-offs between the following two schemes?

a) Adding the patch to MediaWiki and having Wikipedia track which certs
are good and which are bad.

b) Running an http proxy of your own somewhere that demands
authentication via certs, and then allows proxying to Wikipedia?

Option b seems to need some way for Wikipedia to tell you "who" caused
abuse so you can remember that yourself, but on the other hand maybe
it's easier for Wikipedia to handle?

There's no point in writing a proxy if it'll still require support on wikipedia's end. To be zero-barrier, the proxy would have to:

* maintain a table of "nymuserXX" wikipedia logins

* automatically login to wikipedia using the one corresponding to the connecting nym user

* prevent the client from logging out or doing other things that would let them hide behind the nym proxy using anything other than their assigned pseudonym.

I'm not sure exactly how blocking registered users works; if we're lucky, misbehaving users would get their "nymuserXX" account blocked, but other nym users coming from the proxy would still be fine. If we're not (and I think this is actually how it works), then once a user got blocked, the proxy's IP would also get blocked to keep the misbehaver from simply logging out and continuing to vandalize. This would make the proxy quite useless.

Such a proxy would have a number of other significant drawbacks:

* whereas the existing MediaWiki patch provides cryptographically strong pseoudonymity with less than 20 lines of code, the proxy would run over http, where the "nymuserXX" logins could be sniffed and used by others (and subject to abuse by the proxy admin as well)

* it could easily turn out to be more complicated and bug-prone than the entire rest of the system

* the proxy would be a single point of failure

* making nym opt-out instead of opt-in increases the risk of wikipedia being impatient with abuse (and being more likely to block the proxy entirely)

I'm not sure what to do next with nym; my list post didn't garner a single response, and while the proposal page did get 5 "for" votes, it doesn't seem to be enough to spur the wikipedia community into action. I don't personally use tor very often, so perhaps others could make a more impassioned argument to wikipedia. Or perhaps we can start elsewhere to gain some practical experience with nym before we ask a huge site like wikipedia to hop on board.

The Gentoo wiki/forum (as well as a Knoppix site) uses MediaWiki, and somebody even asked here about using it through tor. We could set up a tor-related MediaWiki with enforced pseudonymity (perhaps as a hidden service), and it might not be too hard to interface nym with other services (such as blogging software).

Mostly I'm waiting to see what people actually care about.