[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]



On Thu, 29 Sep 2005 00:17:07 -0400, Nick Mathewson wrote:
> 
> I assume that you're not just ignoring everybody else and replying
> only to what Jimmy says, right?  There have been other posts here
> explaining why pseudonymity and Tor are not at odds, so long as
> pseudonymity is user selected.

Pseudonyms are a separate problem from Tor.  As someone posted, Tor
does not prevent people from using pseudonyms.  If pseudonyms will
solve Wikipedia's problem, then fine; a good portion of this argument
has been about Wikipedia's need for authentication.  See my comments
following your footnote.

> Wikipedia has user accounts and IP-based blocking.  That's a kind of
> authentication.  Wikipedia does not require you to use a user account
> to edit pages, and does not do much to ensure that user accounts
> belong to real people.  That's a lack of authentication.
> 
Now why couldn't *he* say that?  The man's involved with an
encyclopedia project; he should be able to write.

The way this particular aspect of our disagreement arose is that I
accused him of wanting Tor to do his authentication for him.  He
claimed that Wikipedia does do its own authentication.  Now you
explain that Wikipedia does not *require* authentication.  Which
undermines the usefulness of offering authentication.

> It's like how Tor blocks some highly-abusable services, like SMTP on
> port 25, but doesn't do content filtering to try to hunt for abusive
> behavior on exiting streams.  We filter out some abuse, but we can't
> filter out all abuse without turning off the network.  An anti-Tor
> rhetorician could say, "You filter abuse, but you don't filter abuse!"
> But what would that prove?

You are attempting to compare Tor's security policy to Wikipedia's
security policy.

Tor has a security policy.  Tor's security policy is to protect
originating IP addresses which might be connected to persons.  We
hope, in combination with Privoxy, it protects anonymity
reasonably well.  On the reasonable (I think) premise that other
sites are primarily responsible for their own security, it only
limits some abuse.

Now, what is Wikipedia's security policy?  With no authentication
requirement, and a policy that allows anyone to edit (unless they're
connecting from a blacklisted IP address), I might as well ask, "What
is truth?"

> {1} This case is more commonly known, in the literature, as
>     pseudonymous communication than anonymous communication.  Then
>     again, if you're going to invoke dictionaries in a technical
>     discussion, anonymity becomes a very broad term.

But Tor is about anonymity.  Not about pseudonymity.  Not about other
forms of authentication.  As it should be.

From a communication perspective, anonymity has a very specific
meaning.  It means we cannot identify a person.  Note that the failure
to identify a person makes no reference to kind of identification.
There need be no preference for "real life" names versus pseudonyms
versus IP addresses versus whatever else you can think of.  Anything
that identifies a person contradicts the concept that this person is
anonymous.

This has practical implications.  For instance, as someone pointed
out, when the Chinese police raid a dissident's apartment, and search
his hard drive, they are able to tie the pseudonym to a "real life"
identity.  If the police can also connect the pseudonym to what they
consider "crime," the distinction between a pseudonym and a "real
life" name loses much of its value; hopefully, the pseudonym permitted
the dissident to continue his activities for longer.

Now, I will certainly agree, as someone else pointed out, that Tor
should permit the use of pseudonyms or other forms of authentication.
But the fact remains that any identification--as implied by
authentication--contradicts anonymity; it is therefore something which
Tor should not involve itself with.

Simply put, it is not and cannot be Tor's problem.

-- 
David Benfell, LCP
benfell@xxxxxxxxxxxxxxxxx
---
Resume available at http://www.parts-unknown.org/