On Sun, Jan 12, 2014 at 11:46 PM, Gryllida gryllida@fastmail.fm wrote:
On Mon, 13 Jan 2014, at 15:29, Gregory Maxwell wrote:
What freenode does is not functionally useful for Tor users. In my first hand experience it manages to enable abusive activity while simultaneously eliminating Tor's usefulness at protecting its users.
The "register at real IP, then only use TOR through an account" flow implies trust in some entity (such as freenode irc network opers or Wikipedia CheckUsers). I currently believe that requiring such trust doesn't "eliminate TOR's usefullness at protecting its users".
I rather think it does. Assume a person under continual surveillance. If they have to reveal their true IP address to Wikipedia in order to register their editor account, the adversary will learn it as well, and can then attribute all subsequent edits by that handle to that person *whether or not* those edits are routed over an anonymity network.
To satisfy Applebaum's request, there needs to be a mechanism whereby someone can edit even if *all of their communications with Wikipedia, including the initial contact* are coming over Tor or equivalent. Blinded, costly-to-create handles (minted by Wikipedia itself) are one possible way to achieve that; if there are concrete reasons why that will not work for Wikipedia, the people designing these schemes would like to know about them.
zw