Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]

[Jimmy Wales <jwales@xxxxxxxxx>]

David Benfell wrote:
> Pseudonyms are a separate problem from Tor.  As someone posted, Tor
> does not prevent people from using pseudonyms.  If pseudonyms will
> solve Wikipedia's problem, then fine; a good portion of this argument
> has been about Wikipedia's need for authentication.  See my comments
> following your footnote.

Pseudonyms are in fact a very key part of what Wikipedia does about
this, but as has been discussed at some length here, published synonyms
on Wikipedia can be a risk to some people as well.  This is one of the
reasons I'm arguing for pushing some of the trust/nym stuff into the Tor
cloud.

Let me explain.  Mary (real name) lives under an oppressive regime.  She
joins Wikipedia and leaves comments at many many blogs under the nym
'The Dissident'.  Her words are eloquent and persuasive, and begin to
have a positive impact.  One of the risks she faces is that if she's
seen blogging or some part of what she's done is revealed, it is _all_
then revealed.

Consider instead if a huge group of basically trustworthy people are
coming to Wikipedia and editing via a cloud of Tor ips.  Even if one
edit is somehow linked back to Mary, the entire chain cannot be linked
back to Mary, because she's been speaking without pseudonym, under an
'identity' (a group of Tor exit servers) that is shared by hundreds of
other decent people.

This is great, and I would love to leave Wikipedia open to such use.

>>Wikipedia has user accounts and IP-based blocking.  That's a kind of
>>authentication.  Wikipedia does not require you to use a user account
>>to edit pages, and does not do much to ensure that user accounts
>>belong to real people.  That's a lack of authentication.
>>
> 
> Now why couldn't *he* say that?  The man's involved with an
> encyclopedia project; he should be able to write.

I apologize to you for any lack of clarity in my writing.  I am quite
certain that the fault is entirely mine, and humbly request your
forgiveness.  The mistake I made was in assuming that someone who would
take part in this discussion would already have experience with how
Wikipedia works.  I should have explained the basics more clearly.

I thank you for your contributions to this discussion.

> The way this particular aspect of our disagreement arose is that I
> accused him of wanting Tor to do his authentication for him.  He
> claimed that Wikipedia does do its own authentication.  Now you
> explain that Wikipedia does not *require* authentication.  Which
> undermines the usefulness of offering authentication.

Do you understand it better now?  Do you have further questions?  I am
here to help you.

We do authentication, so that people _may_ establish a pseudonym and
therefore an identity and reputation.  We leave it optional, in part so
that people for whom even a pseudonym presents an unacceptable risk
level can still participate.  This leaves us open to a certain level of
abuse; we are prepared to accept that.  I am seeking mechanisms whereby
we can enhance people's privacy by moving some of the reputation
mechanism into the relatively more secure tor cloud.

> Now, what is Wikipedia's security policy?  With no authentication
> requirement, and a policy that allows anyone to edit (unless they're
> connecting from a blacklisted IP address), I might as well ask, "What
> is truth?"

But I hope that, unlike Pontius Pilate, you'll stay for an answer. :-)

--Jimbo