this is where nym comes in. it hides the IP address from wikipedia,
replacing it with a token that is exactly as hard to obtain as an IP
address, but detached from the user's real identity. the
authentication server knows which IP address gets a token, and that no
IP address gets more than one token, but doesn't know the mapping
between IP addresses and tokens. wikipedia can only see tokens, but
no IP addresses (except those of tor nodes), but trusts the
authentication server not to issue several tokens to the same address.

I don't really see how nym provides the security that was talked about
by Mr. Wales, with the authentication server and the trusted
cloud. It is really an entirely different solution. But
more importantly, nym, as I understand it, doesn't provide the same
security as using the IP address directly. Nym doesn't provide
you with a token showing that you have a unique IP address, it provides you
with a token showing that - at some point in the past - you had a
unique IP address.

I'm not sure when, if ever, tokens and certificates are supposed to
expire, but between expirations if you happen to be using an IP address
which was used by someone else to obtain a token (or, furthermore, if
you simply have lost the certificate you obtained for yourself), then
you can't obtain a token, and therefore can't obtain a
certificate. Furthermore, it would be rather trivial for anyone
on an account which uses dynamic IP addresses to build up a huge
assortment of valid certificates, which could be used later if one of
them becomes invalid, and in fact such selfish behavior would
inherently destroy the system, as major ISPs would have a scarce supply
of tokens available.

Finally, the anonymity only increases as more people use the system
(and in fact would be completely unacceptable for anything but the most
trivial of protections without a significant number of users), and
usability decreases as more people use the system (for the reasons
above).

I'm not even going to get into what would happen if someone
manages to spoof IP addresses to the token server. This is
arguably a problem with Wikipedia's current system anyway, though on a
more temporary basis. Same thing with IPv6.

if wikipedia is unhappy with a user, it bans that user's token (with
the same effect as banning an IP address if there was no tor network).

Effectively banning the IP address *forever*. Yes, you could add
an expiration on the certificate to allow someone to obtain a new token
after a certain period of time, but the shorter you make the period of
time, the less the anonymity you're providing (and the less useful the
block).
Anthony
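
The issuance flow discussed in this message, as an added example that is not part of the original post or nym's own code. It assumes the mapping is hidden with textbook RSA blind signatures (the message does not say how); `TokenServer`, the toy key and the 192.0.2.10 address are constructed for illustration.

```python
import hashlib, secrets
from math import gcd

# Toy RSA key from two Mersenne primes: constructed for the demo, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class TokenServer:
    """Hypothetical issuer: sees the client IP and a blinded value, never the token."""
    def __init__(self):
        self.issued = {}                      # ip -> blinded value it signed
    def issue(self, ip: str, blinded: int) -> int:
        if ip in self.issued:                 # one token per address, with no expiry modelled
            raise PermissionError(f"{ip} already obtained a token")
        self.issued[ip] = blinded
        return pow(blinded, D, N)

def blind(token: bytes):
    while True:
        r = secrets.randbelow(N - 2) + 2      # blinding factor, must be invertible mod N
        if gcd(r, N) == 1:
            return digest(token) * pow(r, E, N) % N, r

def unblind(blind_sig: int, r: int) -> int:
    return blind_sig * pow(r, -1, N) % N

def verify(token: bytes, sig: int) -> bool:
    # Checks only the issuer's signature: proof of a past issuance, not of a current IP.
    return pow(sig, E, N) == digest(token)

def demo() -> dict:
    server, banned = TokenServer(), set()
    ip = "192.0.2.10"                         # constructed documentation address
    token = secrets.token_bytes(16)
    blinded, r = blind(token)
    sig = unblind(server.issue(ip, blinded), r)
    out = {"valid": verify(token, sig),
           "server_saw_token": digest(token) in server.issued.values()}
    try:                                      # next holder of the same dynamic IP, or a lost token
        server.issue(ip, blind(secrets.token_bytes(16))[0])
        out["reissued"] = True
    except PermissionError:
        out["reissued"] = False
    banned.add(token)                         # the wiki bans the token, not an address
    out["accepted_after_ban"] = verify(token, sig) and token not in banned
    return out
```

The refused second request is the case raised above: without expiry, whoever next holds that address, or a user who lost the first token, is locked out.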