I'm talking to some Tor people, trying to explain to them why Tor servers are so often blocked from editing wikipedia. I'd like to collect some information (horror stories) about it...
I've blogged about my own proposed solution to the problem. http://blog.jimmywales.com/
--Jimbo
Jimmy Wales wrote:
I'm talking to some Tor people, trying to explain to them why Tor servers are so often blocked from editing wikipedia. I'd like to collect some information (horror stories) about it...
I've blogged about my own proposed solution to the problem. http://blog.jimmywales.com/
--Jimbo
Regarding Tor, does anyone have, or has anyone considered, an auto-discovery robot to find Tor proxies?
This would be a Tor client which would connect to Tor at regular intervals and hit a special URL with a magic authenticating token in it, that would automatically ban the IP in question.
Sooner or later, it would work its way through all, or almost all, of the proxies in the Tor cloud.
-- Neil
Neil Harris wrote:
Regarding Tor, does anyone have, or has anyone considered, an auto-discovery robot to find Tor proxies?
This would be a Tor client which would connect to Tor at regular intervals and hit a special URL with a magic authenticating token in it, that would automatically ban the IP in question.
Sooner or later, it would work its way through all, or almost all, of the proxies in the Tor cloud.
It's not necessary, Tor have a public exit node list. See for example http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl . The Tor developers are actually very sympathetic to our situation... or at least they became sympathetic after a series of conversations between our developer Domas Mituzas and Tor developer Roger Dingledine, starting at the CCC last December.
My question to Roger at his CCC lecture was "are you going to provide us with a client library for automated blocking of Tor exit nodes?" to which his answer was no, but several months later we received this:
http://tor.eff.org/cvs/tor/contrib/exitlist
and the Tor developers even made plans to integrate it into MediaWiki for us. That hasn't eventuated, but I appreciate the gesture.
Roger's preferred solution in MediaWiki is to enable admins to make short-duration blocks (say 15 minutes) of all Tor exit nodes simultaneously. My preferred solution is to delay edits:
http://article.gmane.org/gmane.science.linguistics.wikipedia.technical/18932
...although that is quite a bit more complicated and thus less likely to get done. At least my proposal serves to highlight our differences in viewpoint. Tor supporters like to justify their existence from the moral high ground of protection against government persecution or industrial espionage. But what the bulk of Tor users are really interested in is obscuring their identity server administrators, and that carries with it a different set of ethical implications.
Administrators of wikis, forums, webmail and IRC all use IP blacklists as a means to enforce a code of behaviour. Roger counters that server administrators should move from IP-based access control to more secure identification methods such as PKA coupled with credit card authentication. But would that really be a step forward for privacy?
-- Tim Starling
Tim Starling wrote:
Administrators of wikis, forums, webmail and IRC all use IP blacklists as a means to enforce a code of behaviour. Roger counters that server administrators should move from IP-based access control to more secure identification methods such as PKA coupled with credit card authentication. But would that really be a step forward for privacy?
Your answer is precisely correct. We could even require Chinese dissidents (or similar) to fax in a copy of their passport to validate their user account. We could do a lot of things to prevent Tor abuse, but the point is we want to be as open as possible, and we want people to be as private as they need to be, without having grief.
What I recommend is that Tor resolve this problem in this way:
user -> tor cloud -> tor authentication -> tor trusted cloud -> website
If a website complains about a particular ip at a particular time, in the trusted cloud, then tor retains enough information to track it back to the authentication server account. They still have no clue who the original user is, but they can then use whatever methods they want to keep jerks off the trusted cloud -- and then we could treat the trusted cloud like any other dynamic ip range.
--Jimbo
On 9/27/05, Jimmy Wales jwales@wikia.com wrote:
What I recommend is that Tor resolve this problem in this way:
user -> tor cloud -> tor authentication -> tor trusted cloud -> website
If a website complains about a particular ip at a particular time, in the trusted cloud, then tor retains enough information to track it back to the authentication server account. They still have no clue who the original user is, but they can then use whatever methods they want to keep jerks off the trusted cloud -- and then we could treat the trusted cloud like any other dynamic ip range.
I have my doubts that Tor is going to want to get into the business of policing its user base for "appropriate conduct", or even get into the business of credentialling its users at all. Also, an abusive user could easily create a new identity whenever his old one gets banned; there'd be no way for Tor link the new identity to the old, banned one.
No matter how you slice it, if the default trust level allows edits, then we'll get vandalism; if the default trust level does not allow edits, we'll never learn whether any particular identity should be trusted. There's simply no way with Tor in the picture that we can reliably link an identity at the server end with a specific end user without issuing credentials via some outside channel that the user has to validate after they connect. As long as trustable credentials are available anonymously and automatically, vandals will continue to acquire and use them.
Kelly
Neil Harris wrote:
Regarding Tor, does anyone have, or has anyone considered, an auto-discovery robot to find Tor proxies?
This would be a Tor client which would connect to Tor at regular intervals and hit a special URL with a magic authenticating token in it, that would automatically ban the IP in question.
Sooner or later, it would work its way through all, or almost all, of the proxies in the Tor cloud.
This is unnecessary since Tor is happy to give us the list. What I'm looking to persuade them is simply that we aren't being Chinese censors by blocking these, but that there are legitimate difficult issues here, and as much as we love privacy, we need them to help us work out a way to handle this.
--Jimbo
On 9/27/05, Jimmy Wales jwales@wikia.com wrote:
I'm talking to some Tor people, trying to explain to them why Tor servers are so often blocked from editing wikipedia. I'd like to collect some information (horror stories) about it...
Jimbo, one Tor horror story was [[User:Enviroknot]], who also edited as [[User:KaintheScion]] and [[User:ElKabong]], He used Tor to post anonymous Islamophobic abuse of Muslim editors, and managed to turn Islam-related talk pages into toxic waste dumps for weeks before the arbcom banned him, and before we had blocked all the open proxies we knew he was using. At least in part because of him, one Muslim editor started responding in kind, and is now up before the arbcom for it, so the fallout isn't over yet.
Sarah
Jimmy Wales wrote:
I'm talking to some Tor people, trying to explain to them why Tor servers are so often blocked from editing wikipedia. I'd like to collect some information (horror stories) about it...
I've blogged about my own proposed solution to the problem. http://blog.jimmywales.com/
I've done some quick and dirty analysis. WP access is pretty slow for me at the moment, but if my methodology seems useful, I'll run a larger sample later.
I grabbed the perl script here: http://archives.seul.org/or/talk/Feb-2005/msg00009.html
Running this script produced a list of 364 Tor exit points. Running grep to find those with port 80 enabled resulted in a list of 198 exit points.
I then picked 10 of those allowing port 80 at random and queried their contributions to en.wikipedia.org.
6 of the 10 exit points had no contributions. The remaining 4 exit points accounted for a total of 44 edits. 18 of those edits could immediately be classed as vandalism, the remaining 26 were not obviously vandalism, though some of them could have been revert wars.
Of the 18 obviously bad edits, 6 were part of an attack on the user page of an admin. That attack is still ongoing, though it now seems to be originating from open proxies and not Tor nodes.
On a personal note, as somebody who does frequent bouts of RC patrol, the proxies of major ISPs produce orders of magnitude more disruption than Tor nodes. Then again, Tor is probably easier to deal with.
Please let me know if this was useful. If so, I will run a larger sampling when things recover from the crash of ariel.
GraemeL