[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Wikipedia and Tor - a solution in the works?



Jimmy Wales proposed what he described as a "simple solution to the problem of Tor users being unable to edit Wikipedia."  Here it is:

"trusted user -> tor cloud -> authentication server -> trusted tor cloud -> wikipedia"

"untrusted user -> tor cloud -> authentication server -> untrusted tor cloud -> no wikipedia"

David Benfell responded "So they want us to do their authentication for them.  Wrong answer."  I think this points out exactly the problem with Mr. Wales' proposal, but it's perhaps not clear to everyone why.

First, let me try to understand exactly what it is Mr. Wales is proposing.  Someone, presumably someone not affiliated directly with Wikipedia, is supposed to run an "authentication server".  Presumably this authentication server will establish pseudonymous accounts with some mechanism for authentication (for simplicity let's say username/password).  Some mechanism will be used to tie edits made to Wikipedia to the account username, and upon complaints coming from Wikipedia that account will be disabled.  Now, since the authentication server must not know the true identity of the trusted user (since that would completely destroy the anonymity), there needs to be a way for an untrusted user to become a trusted user.  But to limit abuse where a single person creates many accounts, some mechanism must be implemented at the authentication server to throttle the creation of new pseudonymous accounts.

Let me now explain why the "trusted tor cloud" would be very difficult to implement, as well as why it is essentially useless.  The difference between a "trusted user" and an "untrusted user" is specific to the application.  What Wikipedia considers bad behavior does not coincide with what someone else might consider bad behavior.  While there might be some actions which are fairly universally accepted as bad behavior, it is likely that Wikipedia will not accept merely limiting these behaviors.  What I'm saying in essense, is that the "authentication server" would have to be geared specifically to Wikipedia.  For this reason, the trusted tor cloud would likely be very small, and it would be quite simple to determine the location of the authentication server.  So you might as well remove the "trusted tor cloud" completely, and simply have the authentication server connect directly to Wikipedia.

So now, we have "trusted user -> tor cloud -> authentication server -> wikipedia".  The Tor cloud between the authentication server and Wikipedia was difficult to implement and essentially useless, so we dropped it.  Instead the authentication server connects directly to Wikipedia using a single IP address.  This could be implemented without too much work on the part of Wikipedia, they'd essentially only have to agree not to ban the IP address of the authentication server (at least not for a very long period of time), and to send information about any bad behavior to that server.  In theory you could even run it as a Tor hidden service, increasing the anonymity (especially since Wikipedia doesn't offer https).

If Wikipedia would agree to this, it wouldn't be too hard to set up.  But it would make the most sense for Wikipedia to run the authentication server itself!  Wikipedia already has pseudonymous accounts set up, after all.

To be clear, for those who aren't familiar with the way Wikipedia implements blocking, users, even users that have established accounts on Wikipedia for years, cannot edit Wikipedia if the IP address they are using is blocked (even admins are blocked from editing, though they are able to remove the IP block).  There is a proposal on Wikipedia to correct this, at http://en.wikipedia.org/wiki/Wikipedia:Blocking_policy_proposal .  Almost everyone supports it, the only real question is what mechanism to use to throttle/limit the creation of new accounts.  It seems to me that this is a good implementation of "trusted user -> tor cloud -> authentication server -> wikipedia", where the authentication server is run by Wikipedia itself.  What would be a good additional feature would be for Wikipedia to offer a Tor hidden service to use to connect to Wikipedia.  This is especially true since Wikipedia passwords are passed in plaintext over http and thus could be snooped by an exit node.