-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good day all,
About once a year the topic of Tor comes up on Wikimedia's technical mailing list. I recently raised the topic again. For those who aren't aware of the situation, currently Wikimedia blocks all edits from Tor users. We are trying to find a way that it might be possible for us to lift that block, while not exposing ourselves to the abuse that seems to inevitably come from Tor and other proxy services. The biggest concern that I have seen is how do we prevent sock puppets. It seems that when Tor was unblocked it was regularly used by people who had been blocked from editing to evade those blocks. There have been a couple of ideas thrown around in the past, but most of them have some sort of objection. I was curious if any of you here might have any ideas? How can we verify that a person is who they say they are, and block them if they are abusive in such a way that it is at least difficult for them to evade the block, but that does not impose a requirement so high as to be prohibitive to those who aren't causing issues? We've thought about setting up infrastructure for Nymble, but that would require Tor users to expose their IP address in order to get a Nymble token. We have also thought about blind signing certificates which are then used to verify a person is the same as before, but it would be trivially easy for someone to get a new one. We've thought about putting all Tor edits into a review queue, but that imposes too high a cost on our other volunteers. Fingerprinting Tor users seems both unethical and difficult, requiring some form of donation seems unethical, difficult, and possibly illegal, and requiring accounts to be created without Tor exposes Tor user's IP addresses. We really don't want to collect private information from Tor users like phone numbers, government IDs, etc. as that information isn't collected for anyone else and seems especially sensitive for Tor users. A more personal note, this email is being sent from my work email address as I use it for list subscriptions (I spent 12 hours a day at work or commuting so this makes lists much easier to keep up on), but I will be signing my emails with my personal PGP key and any off-list messages to me should probably be directed there. Additionally it should be noted that I have a passing familiarity with Tor as both a user and recently became an exit relay operator, though if I missed something blindly obvious, definitely please point it out to me! Thank you, Derric Atzrott User:Zellfaze on English Wikipedia -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFULAfzRHoDdZBwKDgRAp8NAJ9H9Ap6BRVhpLr0TOS5Nf2gGAkBKgCeMiUX mPgZEd/DXE876lE0l6nmTIM= =Gavh -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (MingW32) mQGiBFQZiyYRBACLtvclV0jwo/9suqLjfAQZNRD6wUSxBG+7WDXsFUH8lqkZvW3G y/NvBUzHhBzyCAYvtISANk3d9MX+zjd7moSFDLmqe/bGcjBP/2v2bnQYtPUzVyCl vBUUnSxk9Ike9irS9TBCa13Chr1/DMVS8K1AWtboFjU2lTnbIGwWLrZ8ywCguXSe S34fksoMEdozjhz3GMz3Kn8D/3U0IpNu4cu+SYpmwGUO6pFgwa5LiR98HmoXONhC 0I9Vz1i6yiro2+t/VAIx7F6k+/nBJ4uJcVQ/RG0BZv+oDK+avcRu9i8ReV6e6kJc gFYOCR/yrT4UNkr33XpI6T7B4xu8dZJriAVHDhRJlbdz49bZs+9U7w4xSqdudV42 ritVA/oCQ3tGtenR+9S2ukxz2h1y8qBTtvCgRhKpbY7elXRcEaULpyg6Lb3iZhPd NL82ypNmHPMJtS2K5Th49o4HoAfCXvW3DdTTddpk/ga8fia28KPqbvHbtoCTBe+7 ObQlMC6IRro6UzSTjdf5t3Ftvmxs5Ro1j7EP5z/cs5CWr+MSQrQmRGVycmljIEF0 enJvdHQgPHplbGxmYXplQHplbGxmYXplLm9yZz6IYwQTEQIAIwUCVBmLJgUJAeCv nAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEER6A3WQcCg4a20AoKp9hGsfG/ig 9LJ0LKnoZ68lOJuNAJ0W6GmuKMFTTvYQFM58Eqwt7ye1I4hGBBARAgAGBQJUGYwE AAoJEIYsJh133xw698YAnRhbb6Bur9XGQg8hmvxysK2HfbnOAJ0QA1gEjRkihn2I YUo6KGHYEp/pg7kBDQRUGYsnEAQAurNRbriy6Skx3QdvpXuqs+MHTzxFdf3p2gOe R/7Z2Uw5ufJI6fmW5S+altaaGS48YiW9pCxmSEGZi0aPV+3scLrUVMiYOE0v/kRG rrhYSV4onnDb0Okr4vDj5EZJxYEVKu/XXve6RrEXUHmiwZxmT8LFErmtTcNK1p2W kfn8zzMAAwUD/3yQHJr0a29D7AXnezVH9iOPm0uQv80LBTTcLIErboltt+C3rNNN HkhlCHFDz85Sd2ZZ+yAH7Zep5Mt1SC1dj1mWMCzi8zFn6zSYxCbQfvTIoKsTxD/X G8ATkzXDfLJAQ/WasQHZzC734XpJpb8l+B89SKx66BXqDux/D16spvBYiEwEGBEC AAwFAlQZiycFCQHgr5wACgkQRHoDdZBwKDijhwCeLzma3BX6Ax8PLyV7wN7lMO/q /XoAnRv2sTX1mT4tvO1k/a3FxEPWHN9o =/It2 -----END PGP PUBLIC KEY BLOCK----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
