On Tue, 14 Jan 2014, at 3:32, Zack Weinberg wrote:
On Sun, Jan 12, 2014 at 11:46 PM, Gryllida
<gryllida(a)fastmail.fm> wrote:
On Mon, 13 Jan 2014, at 15:29, Gregory Maxwell
wrote:
What freenode does is not functionally useful for
Tor users. In my
first hand experience it manages to enable abusive activity while
simultaneously eliminating Tor's usefulness at protecting its users.
The "register at real IP, then only use TOR through an account" flow
implies trust in some entity (such as freenode irc network opers or
Wikipedia CheckUsers). I currently believe that requiring such trust
doesn't "eliminate TOR's usefullness at protecting its users".
I rather think it does. Assume a person under continual surveillance.
If they have to reveal their true IP address to Wikipedia in order to
register their editor account, the adversary will learn it as well,
and can then attribute all subsequent edits by that handle to that
person *whether or not* those edits are routed over an anonymity
network.
Doesn't it get solved if, despite the "surveillance", the trust entity
("freenode opers" or "wikipedia checkusers") reveals the user's IP
only under a court order?
To satisfy Applebaum's request, there needs to be a mechanism whereby
someone can edit even if *all of their communications with Wikipedia,
including the initial contact* are coming over Tor or equivalent.
Rubbish. This makes a vandal inherently untrackable and unblockable.