Matthew Finkel: > On Thu, Apr 18, 2013 at 09:01:21AM +0000, Matt Pagan wrote: >>> They're based in San Francisco, along with Craigslist (which >>> is another misguided arbitrary blocker of Tor exits). >>> Any other SF based companies that could benefit from >>> a visit or hackerspace talk about why they should not >>> be blocking Tor? >> >> Yelp is based in San Francisco. So is Pinterest. Getting the Wikimedia >> Foundation (also based in San Francisco) to come over would be a huge >> victory, IMO. >> > > Wikimedia is actually willing to discuss an alternative setup if a > usable one is found. Their current implementation is not really > acceptable, but there also isn't really a working/implemented alternative > solution, at this point (and it's not exactly at the top of their list > to implement their own).
I was involved in writing the DNSBulkExitList program specifically for Wikipedia at the request of Tim S. At the time, I believe that it was better than simply blocking every Tor node - it only blocks exit nodes that allow exiting to Wikipedia. It is possible to request a special flag on a Wikipedia account that is granted by way of some special handshake. It is possible to take an already created account and use it for edits as the flag overrides the Tor block. A workable solution would be to continue to use such a list to detect Tor usage and then to ensure that we now allow new accounts to be created over Tor. The MediaWiki should ensure that HSTS is sent to the user and that the user only ever uses HTTPS to connect to Wikipedia. I think we should ensure that Wikipedia understands that the account was created with Tor and that the user may be using this to circumvent censorship, to protect what they are reading or editing from their local network censors or surveillance regime as well as to protect IP address information that the US currently doesn't really protect (see USA vs. Appelbaum; re: my Twitter case). Since the US can see a lot of the traffic to Wikipedia, I'd guess that this is important worldwide. If the user is abusive and an IP block would normally apply, Wikipedia would not block by IP but would rather use the normal Wikipedia process to resolve disputes (in edits, discussions, etc) and if the account is just being used for automated jerk behavior, I think it would be reasonable to lock the account, perhaps even forcing the user to solve a captcha, or whatever other process is used when accounts are abused in an automated fashion. Most of that isn't technical - it is a matter of accepting that some of us are not free. Some of us who are not free require systems like Tor to participate in the Free Culture community curated by the Wikipedia community on Wikipedia. Some of us will then be free to be part of that community and perhaps, if we work smartly, other freedoms will follow from the knowledge of the community. All the best, Jacob _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
