[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]



One of the problems with the idea of a pseudonym service
distinguishing between "good" and 'bad" users is that it has no way on
its own of telling the difference. The service manages pseudonyms,
which are intended to be used out on the web in some way. But the
service can't tell if people are playing nicely or not.

The only way this could happen is if the service receives
*complaints*. This is the only feedback mechanism possible. I gather
that Tor does in fact send out complaints about people who misbehave.
Perhaps blog services do so as well.

One problem is that these complaints generally don't arrive in real
time. It takes time for a human being to notice that some vandalism
has occured and register a complaint. If the pseudonym service is
going to be able to respond, it has to know which pseudonym was active
at the time the bad actions occured.

Jimmy Wales very accurately describes the problem with pseudonyms at
the web-server level. If Wikipedia or blog comments require the use of
pseudonyms, these can be linked after the fact. I am very sensitive to
this problem myself.

The implied solution is that the pseudonym service would maintain the
pseudonyms, but would not reveal them to the web service. Rather, it
would only provide a certificate that the pseudonym is currently in
good standing, i.e. it has not received (too many) complaints.

This implies that the pseudonym service must maintain a record of
recently used pseudonyms, and have some way of mapping them to what
the web services (which issue the complaints, services like Wikipedia)
would have seen. This mapping might be by IP address, or if Wikipedia
and other services are willing to do more, it could perhaps be an
opaque identifier which the pseudonym service provided at the time the
web service (Wikipedia) asked whether this pseudonym was a "good guy"
or not.

As a specific example, the pseudonym service might have replied, to a
query from Wikipedia, "Yes, this user is a good guy, and the sequence
number of this reply is #1493002." Then later if abuse occured,
Wikipedia (or the blog service, or other victim of vandalism) comes
back and said "we had a problem with the user who was certified with
sequence number #1493002". The pseudonym server would map this back to
the pseudonym in use at that time, and invalidate the pseudonym (or at
least give it a bad mark, with enough such marks killing the nym).

The main problems with this solution are first, it requires
considerable manual work on the part of the pseudonym server, similar
to the work necessary at an ISP to resolve complaints about users. It
could be a full time job. And second, it requires custom software at
Wikipedia and other web services that might be willing to work to
implement such a solution.

The second problem could be alleviated by the use of a related
service, a web proxy that is only for "good" pseudonyms. The web proxy
would provide transparent pass-through similar to anonymizer.com, but
only for users who were able to provide the kind of certification
described above, from the pseudonym server. In this way, the outgoing
IP addresses belonging to the web proxy would be "good" from the POV
of Wikipedia and other web services. Those services could continue to
use IP blocking as one of their main tools for handling misuse,
treating the web proxy service as being like an ISP. The web proxy
service could be bundled with the pseudonym service, or they could
exist independently.

CP