On Tue, 14 Jan 2014, at 3:32, Zack Weinberg wrote:
On Sun, Jan 12, 2014 at 11:46 PM, Gryllida gryllida@fastmail.fm wrote:
On Mon, 13 Jan 2014, at 15:29, Gregory Maxwell wrote:
What freenode does is not functionally useful for Tor users. In my first hand experience it manages to enable abusive activity while simultaneously eliminating Tor's usefulness at protecting its users.
The "register at real IP, then only use TOR through an account" flow implies trust in some entity (such as freenode irc network opers or Wikipedia CheckUsers). I currently believe that requiring such trust doesn't "eliminate TOR's usefullness at protecting its users".
I rather think it does. Assume a person under continual surveillance. If they have to reveal their true IP address to Wikipedia in order to register their editor account, the adversary will learn it as well, and can then attribute all subsequent edits by that handle to that person *whether or not* those edits are routed over an anonymity network.
Doesn't it get solved if, despite the "surveillance", the trust entity ("freenode opers" or "wikipedia checkusers") reveals the user's IP only under a court order?
To satisfy Applebaum's request, there needs to be a mechanism whereby someone can edit even if *all of their communications with Wikipedia, including the initial contact* are coming over Tor or equivalent.
Rubbish. This makes a vandal inherently untrackable and unblockable.