On Sat, Oct 29, 2005 at 09:57:34PM -0700, cyphrpunk wrote:
> On 10/29/05, Anthony DiPierro <or@xxxxxxxxx> wrote:
> > So now, we have "trusted user -> tor cloud -> authentication server ->
> > wikipedia". The Tor cloud between the authentication server and Wikipedia
> > was difficult to implement and essentially useless, so we dropped it.
> > Instead the authentication server connects directly to Wikipedia using a
> > single IP address. This could be implemented without too much work on the
> > part of Wikipedia, they'd essentially only have to agree not to ban the IP
> > address of the authentication server (at least not for a very long period of
> > time), and to send information about any bad behavior to that server. In
> > theory you could even run it as a Tor hidden service, increasing the
> > anonymity (especially since Wikipedia doesn't offer https).
>
> I agree with this concept, but I think you are focusing too narrowly
> on Wikipedia. The general case is:
>
> trusted user -> tor cloud -> authentication server -> whatever
>
> The point is, as Jimmy Wales notes, what constitutes abuse is not that
> different for Wikipedia than for other wikis, for blog spam, for email
> spam, and for many other services on the net. An authentication server
> that only allows trusted users through is a generally useful
> capability.

i am not sure who of us is most confused about how this should work. the following may be completely obvious to everybody except me. in that case i'll just write it down for myself. (-:

nym (and in any other IMHO reasonable architecture) is based on the idea that a user provides some credential like an IP address or (slightly more effective) an e-mail address that is hard to replicate in huge amounts. wikipedia does that, but the problem with that is that (a) tor nodes are punished for routing troll traffic and (b) it simply doesn't work.

this is where nym comes in. it hides the IP address from wikipedia, replacing it with a token that is exactly as hard to obtain as an IP address, but detached from the user's real identity. the authentication server knows which IP address gets a token, and that no IP address gets more than one token, but doesn't know the mapping between IP addresses and tokens. wikipedia can only see tokens, but no IP addresses (except those of tor nodes), but trusts the authentication server not to issue several tokens to the same address.

if wikipedia is unhappy with a user, it bans that user's token (with the same effect as banning an IP address if there was no tor network). if a blog site is perfectly happy with that same user, that site doesn't ban her token, and she can keep blogging like mad, until she gets banned here, too. the authentication server is not involved in the punishment and excommunication on either site at all. its only job is to detach identifying and anonymous credentials in a way that makes sybil attacks hard.

as i understand the architectures anthony and cypherpunk propose, it doesn't have these properties. nym does.

cheers,
m.
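The token flow described in the message above, as an added example that is not part of the original post and is not nym's own code. It assumes a textbook RSA blind signature as the way to keep the authentication server from learning which token belongs to which IP address (the message does not say which mechanism is used); the key is a constructed toy key, and `AuthServer`, `Site` and `obtain_token` are hypothetical names.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key: two Mersenne primes, fine for a demo, not for real use.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the auth server

def digest(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big")

class AuthServer:
    """Signs one blinded value per IP address; never sees the token itself."""
    def __init__(self):
        self.served_ips = set()
        self.seen_values = []  # everything the server could log
    def sign_blinded(self, ip: str, blinded: int) -> int:
        if ip in self.served_ips:
            raise PermissionError("this address already has a token")
        self.served_ips.add(ip)
        self.seen_values.append(blinded)
        return pow(blinded, D, N)

def obtain_token(server: AuthServer, ip: str):
    """User side: blind a random token, get it signed, unblind the result."""
    token = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = digest(token) * pow(r, E, N) % N
    signed = server.sign_blinded(ip, blinded)
    return token, signed * pow(r, -1, N) % N  # equals digest(token)^D mod N

class Site:
    """A service (wiki, blog) that sees only tokens and keeps its own ban list."""
    def __init__(self):
        self.banned = set()
    def accepts(self, token: bytes, sig: int) -> bool:
        return pow(sig, E, N) == digest(token) and token not in self.banned
    def ban(self, token: bytes):
        self.banned.add(token)

if __name__ == "__main__":
    server, wiki, blog = AuthServer(), Site(), Site()
    token, sig = obtain_token(server, "192.0.2.7")  # constructed address
    wiki.ban(token)
    print(wiki.accepts(token, sig), blog.accepts(token, sig))
```

Each site verifies the signature with the public key alone, so the authentication server takes no part in a ban, and a ban on one site leaves the token usable on the other.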