[Foundation-l] Warrantless (government) surveillance of reader activity. Was: Release of squid log data

Gregory Maxwell gmaxwell at gmail.com
Sat Sep 15 21:28:58 UTC 2007


On 9/15/07, Erik Moeller <erik at wikimedia.org> wrote:
> On 9/15/07, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> > The appropriate question for foundation-l is, should we be spending
> > some money to do something like this?
>
> Doesn't an anonymization network like TOR provide the same value for
> readers who need to access Wikipedia securely (and, in this case, also
> anonymously)?

Everyone should have the ability to access Wikipedia in privacy, not
just the few who have the knowledge, patience, and foresight to
install and use TOR.

Tor has a number of significant problems which discourage its use:

(1) Tor is impressively slow and will never be as fast as native
browsing. By Tor's very nature it routes your traffic around the
network. Even if the Tor network stops being overloaded, it will
always be slow compared to direct access.

(2) Today, Tor greatly increases the vulnerability of the user's
traffic to interception by groups less trustworthy than governments
and ISPs.*

(3) The total anonymization which is unneeded by many who just don't
want their interests exposed means that our projects will most likely
continue to block editing from Tor.

We can take action to reduce these problems, and completely eliminate
(2), by running some Tor exits ourselves as I proposed at
http://lists.wikimedia.org/pipermail/wikien-l/2007-September/080667.html

I strongly believe we should run some Wikimedia-only Tor exits, as I
proposed, and I'd be glad to do the work to make it happen. The cost
and difficulty of doing so should be low enough that it could be a
near term project.

But I think it's important that we understand that Tor is not a very
mainstream solution: it requires expertise unavailable to, a level of
protection unneeded by (there is little reason to hide that you are
accessing Wikipedia at all), and performance undesirable to most
readers.

Saying "You can use Tor to hide what articles you are reading" is a
little bit like saying "You can download the static dumps to hide what
articles you are reading". :) It's true, some may do it, but it's not
very effective.

I think of SSL as similar to the level of confidentiality a public
library is understood to offer. Your activities are not secret to the
library, and the public can tell you are visiting the library... but
what you read there is expected to be kept in confidence. Tor is more
like sending friends to get their friends to go get books on your
behalf... more private but inconvenient.


*See "Tor Used To Collect Embassy Email Passwords"
http://it.slashdot.org/article.pl?sid=07/09/11/1730258


