[Foundation-l] Release of squid log data
Anthony
wikimail at inbox.org
Fri Sep 21 01:01:41 UTC 2007
On 9/20/07, Ben McIlwain <cydeweys at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Anthony wrote:
> > On 9/19/07, SlimVirgin <slimvirgin at gmail.com> wrote:
> >> Yes, I agree that protecting IP address is hard.
> >
> > Not for admins. Just use Tor.
>
> It's very easy to say "just use Tor". But have you actually done so?
Umm, yeah.
> I bet I have more Tor experience than 99% of the people on this list -- I
> semi-regularly use it for web browsing and I've even written up some
> GNU/Linux applications designed to interface through Tor on the command
> line.
I edit Wikipedia through Tor all the time. I even set up a script
which compares the list of tor exit nodes against the list of blocked
Wikipedia IPs and tells Tor to use only exit nodes which allow
editing, thus avoiding blocking.
> And my simple conclusion is this: Tor is slow. Really really
> slow. It turns a 100ms page load into a page load that takes many
> seconds, *if* it doesn't time out.
Do you have the latest version? I'm getting fairly consistent page
loads of less than a second right now. Maybe it's because of the exit
node thing. But it seems to me like you must not have the latest
version.
> Using Tor makes the web browsing
> experience significantly worse, and only makes sense to use when
> security is really in question.
Well, obviously "security" is a big issue for Sarah.
> Wikipedia should not be a site whose
> security is so risky that we have to recommend our admins go through the
> agony of trying to do all of their Wikipedia work through Tor.
>
I wouldn't recommend it to everyone, only to paranoid people like me and Sarah.
> And by the way, remember that all unencrypted web traffic ends up
> unencrypted at the Tor exit node, and can be (and sometimes is) sniffed
> by unscrupulous folks. If you are using Tor you *must* make sure to use
> only the secure Wikimedia https proxy.
Of course. This is a good idea for admins to always do anyway.
> Even that is difficult though,
> because you'll end up clicking a link that takes you to unsecure http
> pages (such as a diff links), and before you can blink, your admin
> cookie has gone across the web unencrypted. As far as I can see there
> is no fool-proof way of using Tor with Wikipedia, except for maybe
> blocking unencrypted http Wikipedia at a firewall level.
Umm, now I'm going to have to ask you: have you ever actually used
Tor? Cookies don't get sent to the unsecure pages, and the diff links
aren't unsecure.
More information about the foundation-l
mailing list