On 5/18/06, Alphax (Wikipedia email) <alphasigmax(a)gmail.com> wrote:
Tim Starling wrote:
HTTPS does not protect anonymity for editors.
Neither does Tor.
Low-latency encryption methods suffer a common flaw: an attacker
can correlate timestamps and message lengths with the size and posting
time of an edit. With ordinary HTTPS you can also correlate the
destination address. You could almost say that encryption is useless for
sending data which will be public 200ms after it arrives.
Now, if there was a way to silently lock the article and delay the
database update/timestamping for a few seconds...
The Mediawiki code goes out of its way to make it extremely hard to
edit Wikipedia anonymously. If you want to allow anonymous editing, a
start would be a check box which says "post this anonymously".