In case it was not painfully obvious, I posted two very critical messages about the policy of Wikipedia with respect to Tor nodes. I sent one of these messages in April and another just a few hours ago. I apologize for my tone in these messages. I contributed nothing of constructive value, and if I accomplished anything it was only to further polarize the community around the two perspectives. I have neither the intellect nor the disposition to be as level-headed about this as I would like to be, but I will try. I would like to make clear that what I intended to say was that as a researcher in the area of Internet transport, I believe that Tor is a crucial first step to achieving location-independence for Internet peers. I believe in location-independence to the extent that I would like to see every host on the Internet have the ability to communicate without revealing its network address. Since my research specifically revolves around using Tor to achieve location-independence, I tend to become overly frustrated when the providers of vital Internet services impose restrictions that may reduce support for Tor among developers and the general public. We ARE on the same side. I don't think that anyone on this list would question that Roger, Nick, and Jimbo have all worked hard to make the world a better place, and that to a significant extent, their visions of a better world have already been achieved as a result of their efforts. In the absence of a better solution, I am glad that Wikipedia blocks Tor nodes, since otherwise the world would quickly lose an important resource (and Tor would be blamed). In particular, the continued success of the Wikipedia project depends upon articles being accurate and unvandalized, and all potential threats to this goal may rightly be considered suspect. What worries me is that as of now we have not yet ensured that users seeking location-independence would be able to edit Wikipedia articles like everyone else. I do not view the use of Tor as a form of "lurking in shadows"; I think that it represents a happier future in which the use of network-layer addresses to censor the activity of Internet peers is difficult or impossible. It is not necessary to build a user-authentication mechanism into Tor. For example, any third party can build a proxy accessible via Tor that provides authentication considered suitable by Wikipedia, and clients can use that proxy when they want to edit Wikipedia articles. A similar approach that has been widely discussed was to build an authentication mechanism into Wikipedia that would be used only for clients contacting Wikipedia via hosts that would otherwise be filtered. The problem with these two potential solutions is that we still do not have a good idea of what kinds of authentication would actually work. For example, it may be undesirable to use credit card numbers or referrals from existing users. Wikipedia seeks to achieve a certain degree of openness and availability to contributors, and it would seem that mechanisms that authenticate and verify pose a threat to this openness and availability. Might it be possible to come up with a list of technical desiderata for a potential end-to-end Wikipedia access policy? It is my feeling that if we consider the requirements carefully, we will be able to devise a solution that satisfies all of our constraints. Geoff On Tue, Sep 27, 2005 at 01:46:13PM -0400, Jimmy Wales wrote: > I'd like to say thanks for the invitation to join this dialogue. > > Let me tell you what I love. I love the Chinese dissident who wants to > work on Wikipedia articles in safety. I love that Wikipedia is an open > platform that allows people to have that voice, and that we can have a > positive impact on the world in large part because we don't bow to > censorship and we are willing to reach out and work with people like Tor > to empower individuals to speak, no matter what sort of oppressive > conditions they face. > > WE ARE ON THE SAME SIDE. > > So it always dismays me to see conversations like this, and I think that > at least some cooler heads here will understand why I get frustrated and > why I make no apologizes for characterizing at least some people in the > Tor community as being irresponsible. > > "I share frustrations that the statements attributed to Jimmy Wales in > the record below and in previous messages seem to show some fundamental > misunderstandings and willful ignorance of Tor, and more broadly of > identity, identifiers, reputation, authentication, etc. in open > network communications" > > Willful ignorance? Not at all. What I know is that we are forced to > block Tor servers regularly due to persistent vandalism. That's a sad > fact to me. It's a difficult thing for those of us who are serious > about these issues. But the really sad thing is when elements of the > Tor community are not willing to face up to this as a legitimate and > difficult problem. > > "everyone is so worried about it, but has any one ever been successfully > been able to use tor to effectively spam anyone?" > > Yes, of course! We deal with it constantly. We have an effective means > of dealing with it: we block Tor servers from editing wikipedia. But is > that what any of us want? > > "Misbehaviour is in the eye of the observer, however." > > No, actually it isn't. There is such a thing as objectively > identifiable malicious behavior. We aren't Chinese censors here. We're > the good guys. We want to work with you. > > Yes, we could implement tight security to only allow people who identify > themselves (perhaps we'll require a credit card number, someone > suggests?)... but *cough*, aren't we supposed to care about privacy here? > > --Jimbo
Attachment:
signature.asc
Description: Digital signature