[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Wikipedia & Tor

On Tue, Sep 27, 2005 at 01:45:21PM -0700, Brian C wrote:
> The next-best idea I've heard so far is for Wikipedia to require those
> coming from tor IPs to login, but the problem there is that then those
> who really need anonymity most to post to Wikipedia wouldn't have it (or
> at least not through tor.)

Allow me to clarify this point, again.  My apologies if you read my
last post on this.

Requiring anonymous users to log on to wikipedia is not a privacy
problem per se; if Alice anonymously creates an account on Wikipedia
named "xyzzy00", then Alice is still untraceable to her new
(pseudonymous) account.  If she needs her activities to be unlinked to
each other, she can get unlinkability by creating multiple accounts
(perhaps because "xyzzy00" edits articles about Alice's field of
academic expertise, whereas "plover11" edits articles about the latest
research on Alice's embarrassing disease).

The problem, of course, is that requiring accounts is not in itself
helpful; if accounts are unlinkable to each other, then an abusive
user could keep creating new accounts ad infinitum.

CAPTCHAs and other reverse turing tests are probably enough to
prevent automated attacks, but a lot of abuse, I'm told, is users
manually vandalizing pages.  This isn't just for wikipedia, either:
you don't need a bot to be really annoying on an IRC network.

Nick Mathewson

Attachment: pgp2I5c3z0BmJ.pgp
Description: PGP signature