Just curious. Has anyone looked into a PGP "plug-in" for WM that would allow totally secure/anonymous editing?
I ask because of this question at /.
admin Yellowikis wrote:
Just curious. Has anyone looked into a PGP "plug-in" for WM that would allow totally secure/anonymous editing?
What would such a thing do?
For encrypting web pages in transit between client and server, HTTPS already provides this.
For hiding the client's true network location from the server, anonymizing proxy networks like Tor already provide this.
The only potentially useful thing I can think of for PGP might be signing of edits to prove a consistent pseudonymous identity.
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
admin Yellowikis wrote:
Just curious. Has anyone looked into a PGP "plug-in" for WM that would allow totally secure/anonymous editing?
What would such a thing do?
For encrypting web pages in transit between client and server, HTTPS already provides this.
For hiding the client's true network location from the server, anonymizing proxy networks like Tor already provide this.
The only potentially useful thing I can think of for PGP might be signing of edits to prove a consistent pseudonymous identity.
Haven't you heard? Public key cryptography is a panacea, it fixes all conceivable software-related problems. Bots attacking your network? Use PKA. Users being harassed by an unfriendly government? Use PKA. A troll is creating 10 sock puppets per day? Just use PKA. It's just a matter of working out how to apply it. The programmers can work out those tedious details, don't worry, they're good at that sort of thing.
-- Tim Starling
Tim Starling wrote:
Haven't you heard? Public key cryptography is a panacea, it fixes all conceivable software-related problems. Bots attacking your network? Use PKA. Users being harassed by an unfriendly government? Use PKA. A troll is creating 10 sock puppets per day? Just use PKA. It's just a matter of working out how to apply it. The programmers can work out those tedious details, don't worry, they're good at that sort of thing.
Don't be silly, Tim. Everybody knows it's P2P that does all those things!
-- brion vibber (brion @ pobox.com)
Brion Vibber (brion@pobox.com) [050517 12:28]:
Tim Starling wrote:
Haven't you heard? Public key cryptography is a panacea, it fixes all conceivable software-related problems. Bots attacking your network? Use PKA. Users being harassed by an unfriendly government? Use PKA. A troll is creating 10 sock puppets per day? Just use PKA. It's just a matter of working out how to apply it. The programmers can work out those tedious details, don't worry, they're good at that sort of thing.
Don't be silly, Tim. Everybody knows it's P2P that does all those things!
So the first person to wikify Freenet gets all the chicks?
- d.
So, if someone from Andijan wanted to edit:
http://en.wikipedia.org/wiki/May_2005_unrest_in_Uzbekistan from Andijan
without fear of being caught by the friendly local police; they'd need to install the Tor client to help protect their IP anonymity and make it more difficult for their network location to be identified.
Setting up a username and password on Wikipedia also helps hide their IP addess (along with Tor)...
But (in theory) the actually post isn't secure from interception (and blocking?) - unless the wiki server is running https.
Do any Wikipedias run https?
BTW: I am sorry for displaying my ignorance about these things - It is a blissful ignorance, the result of living most of my life in a more-or-less civilized, more-or-less democratic country. Don't hesitate to let me know if you ever want help with branding or marketing ;-)
On 5/17/05, Александр Сигачёв alexander.sigachov@gmail.com wrote:
Government being harassed by an unfriendly users. Use PKA. _______________________________________________ Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
admin Yellowikis wrote:
So, if someone from Andijan wanted to edit:
http://en.wikipedia.org/wiki/May_2005_unrest_in_Uzbekistan from Andijan
without fear of being caught by the friendly local police; they'd need to install the Tor client to help protect their IP anonymity and make it more difficult for their network location to be identified.
Setting up a username and password on Wikipedia also helps hide their IP addess (along with Tor)...
But (in theory) the actually post isn't secure from interception (and blocking?) - unless the wiki server is running https.
Tor encrypts traffic from your computer to the exit node. It can indeed be intercepted and blocked, because the IP addresses of the Tor servers are known. I have heard that Tor has been illegal in China since shortly after it was invented, and all traffic to it is blocked. But perhaps it would be useful in countries which are attempting to maintain an appearance of free speech.
In countries with blanket prohibition of anonymising services, the methods for distributing information anonymously are necessarily covert and diverse.
Do any Wikipedias run https?
No. But even if it did, the government could work out who is posting what by simply correlating the transmission time with the edit time. That's possible with Tor too, especially if the number of Tor users in the country is small and they're all being monitored.
Steganography is probably a better way to distribute information in such situations.
-- Tim Starling
Thanks Tim.
So would a secure email -> mediawiki interface (for WikiNews) help protect the person sending the information and the information? even if the message could still be intercepted/blocked?
Paul
On 5/17/05, Tim Starling t.starling@physics.unimelb.edu.au wrote:
admin Yellowikis wrote:
So, if someone from Andijan wanted to edit:
http://en.wikipedia.org/wiki/May_2005_unrest_in_Uzbekistan from Andijan
without fear of being caught by the friendly local police; they'd need to install the Tor client to help protect their IP anonymity and make it more difficult for their network location to be identified.
Setting up a username and password on Wikipedia also helps hide their IP addess (along with Tor)...
But (in theory) the actually post isn't secure from interception (and blocking?) - unless the wiki server is running https.
Tor encrypts traffic from your computer to the exit node. It can indeed be intercepted and blocked, because the IP addresses of the Tor servers are known. I have heard that Tor has been illegal in China since shortly after it was invented, and all traffic to it is blocked. But perhaps it would be useful in countries which are attempting to maintain an appearance of free speech.
In countries with blanket prohibition of anonymising services, the methods for distributing information anonymously are necessarily covert and diverse.
Do any Wikipedias run https?
No. But even if it did, the government could work out who is posting what by simply correlating the transmission time with the edit time. That's possible with Tor too, especially if the number of Tor users in the country is small and they're all being monitored.
Steganography is probably a better way to distribute information in such situations.
-- Tim Starling
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
...
wikitech-l@lists.wikimedia.org