On Mon, Jan 13, 2014 at 2:51 PM, Gryllida gryllida@fastmail.fm wrote:
On Tue, 14 Jan 2014, at 3:32, Zack Weinberg wrote:
I rather think it does. Assume a person under continual surveillance. If they have to reveal their true IP address to Wikipedia in order to register their editor account, the adversary will learn it as well, and can then attribute all subsequent edits by that handle to that person *whether or not* those edits are routed over an anonymity network.
Doesn't it get solved if, despite the "surveillance", the trust entity ("freenode opers" or "wikipedia checkusers") reveals the user's IP only under a court order?
No. The adversary doesn't need to talk to the "trust entity" to get the user's IP. The adversary learns the IP by eavesdropping on the initial, uncloaked network traffic between the user-to-be and the trusted entity.
Equally, in some contexts it is unacceptable for the trust entity to be able to reveal the user's IP even under legal compulsion or threat of force.
To satisfy Applebaum's request, there needs to be a mechanism whereby someone can edit even if *all of their communications with Wikipedia, including the initial contact* are coming over Tor or equivalent.
Rubbish. This makes a vandal inherently untrackable and unblockable.
This isn't necessarily so. In my previous message I mentioned one technique that *should* be adequate to preventing vandals even when the administrators do not and have never known their IP address of origin. There are others in the literature, and if there are concrete reasons why none of those techniques will work for Wikipedia, people want to know about it.
zw