[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Wikipedia and Tor - a solution in the works?

On 10/30/05, Matthias Fischmann <fis@xxxxxxxxxxxxxxxxx> wrote:
> nym (and in any other IMHO reasonable architecture) is baesd on the
> idea that a user provides some credential like an IP address or
> (slightly more effective) an e-mail address that is hard to replicate
> in huge amounts.

Or even money! The mechanism by which the server makes new tokens hard
to get would be up to the server operator. The point is that it is
supposed to be bad if you lose one, you can't just get another.

> wikipedia does that, but the problem with that is that (a) tor nodes
> are punished for routing troll traffic and (b) it simply doesn't work.
> this is where nym comes in.  it hides the IP address from wikipedia,
> replacing it with a token that is exactly as hard to obtain as an IP
> address,

(or even harder)

> but detached from the user's real identity.  the
> authentication server knows which IP address gets a token, and that no
> IP address gets more than one token, but doesn't know the mapping
> between IP addresses and tokens.  wikipedia can only see tokens, but
> no IP addresses (except those of tor nodes), but trusts the
> authentication server not to issue several tokens to the same address.
> if wikipedia is unhappy with a user, it bans that user's token (with
> the same effect as banning an IP address if there was no tor network).
> if a blog site is perfectly happy with that same user, that site
> doesn't ban her token, and she can keep blogging like mad, until she
> gets banned here, too.  the authentication server is not involved in
> the punishment and excommunication on either site at all.  its only
> job is to detach identifying and anonymous credentials in a way that
> makes sybling attacks hard.
> as i understand the architectures anthony and cypherpunk propose, it
> doesn't have these properties.  nym does.

Right, so here's the problem. Wikipedia, every other wiki, and every
blog site, must change their software to recognize tokens as an
alternative to IP addresses. This solution still requires the net to
rewrite itself to accommodate Tor.

My solution goes in the other direction. I propose a server which will
let the net work the way it does now, filtering by IP, while still
letting anonymous Tor users not be blocked due to the misbehavior of
others. We centralize the token-to-IP mapping in one server which is
token-aware and don't require every web service on the net to be
rewritten. It's a much better solution.