[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hello directly from Jimbo at Wikipedia



On Wed, Sep 28, 2005 at 11:10:32PM -0400, Paul Syverson wrote:
> My guess is that it would not be hard for them to gather at least a
> couple of puzzle server accounts per day. If not it is probably too
> onerous for honest users wanting to post through Tor.

Yes, that is probably correct, but I still think it is a useful
result. The problem for Wikipedia and Tor is that Wikipedia cannot
differentiate abusers from people who need legitimately need privacy,
since Wikipedia blocks on IP address and Tor is an easy way to get
another IP address.

What needs to be done is to give Wikipedia a way to tell the
difference between legitimate Tor users and abusers. The basis for my
proposal is that abusers can currently get IP addresses quite easily,
through open proxies, zombie machines or simply rebooting their ADSL
modem, as well as through Tor.

To mitigate abuse from Tor, the cost of committing abuse through Tor
needs to be just higher than the cost of an abuser getting another IP
address.  This is not very high. Legitimate Tor users cannot just get
a new IP address since some ways are illegal and they get less privacy
through these than Tor provides.

If Wikipedia abusers find it is easier to get another IP address than
to solve a puzzle and use Tor, then Wikipedia will be able to tell
that Tor users who have solved a puzzle are probably not abusers, and
so can safely unban Tor IP addresses. Wikipedia can block the abusers
through their current mechanisms.

Whether this will work depends on the type of abuse that Wikipedia
receives, and Jimbo is much more qualified to comment on this then me.

Thanks,
Steven Murdoch.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/

Attachment: pgpd4JEIORvUT.pgp
Description: PGP signature