On 9/20/07, Ben McIlwain <cydeweys(a)gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anthony wrote:
On 9/19/07, SlimVirgin
<slimvirgin(a)gmail.com> wrote:
Yes, I agree that protecting IP address is hard.
Not for admins. Just use Tor.
It's very easy to say "just use Tor". But have you actually done so?
Umm, yeah.
I bet I have more Tor experience than 99% of the
people on this list -- I
semi-regularly use it for web browsing and I've even written up some
GNU/Linux applications designed to interface through Tor on the command
line.
I edit Wikipedia through Tor all the time. I even set up a script
which compares the list of tor exit nodes against the list of blocked
Wikipedia IPs and tells Tor to use only exit nodes which allow
editing, thus avoiding blocking.
And my simple conclusion is this: Tor is slow. Really
really
slow. It turns a 100ms page load into a page load that takes many
seconds, *if* it doesn't time out.
Do you have the latest version? I'm getting fairly consistent page
loads of less than a second right now. Maybe it's because of the exit
node thing. But it seems to me like you must not have the latest
version.
Using Tor makes the web browsing
experience significantly worse, and only makes sense to use when
security is really in question.
Well, obviously "security" is a big issue for Sarah.
Wikipedia should not be a site whose
security is so risky that we have to recommend our admins go through the
agony of trying to do all of their Wikipedia work through Tor.
I wouldn't recommend it to everyone, only to paranoid people like me and
Sarah.
And by the way, remember that all unencrypted web
traffic ends up
unencrypted at the Tor exit node, and can be (and sometimes is) sniffed
by unscrupulous folks. If you are using Tor you *must* make sure to use
only the secure Wikimedia https proxy.
Of course. This is a good idea for admins to always do anyway.
Even that is difficult though,
because you'll end up clicking a link that takes you to unsecure http
pages (such as a diff links), and before you can blink, your admin
cookie has gone across the web unencrypted. As far as I can see there
is no fool-proof way of using Tor with Wikipedia, except for maybe
blocking unencrypted http Wikipedia at a firewall level.
Umm, now I'm going to have to ask you: have you ever actually used
Tor? Cookies don't get sent to the unsecure pages, and the diff links
aren't unsecure.