

Editing with Tor - tshtf
http://meta.wikimedia.org/wiki/Editing_with_Tor

======
tptacek
If you're not familiar with the scale of the vandalism problem on Wikipedia:
take whatever your intuitive sense of how much vandalism that one of the most
popular sites on the Internet would see if every page on the site included an
"edit" button, and then raise it to the power of some positive integer greater
than 1.

It's an exaggeration, but only slightly, to say that Wikipedia's core mission
is to hold back a giant torrent of vandalism.

~~~
mukyu
The people that just want to change something in an article to 'poop' aren't
going to try to use tor to vandalize and the professional vandals would find
it too slow (except for making malicious usernames or sleeper accounts) and
generally don't have a problem using other proxies or botnet hosts.

I'm sure there is some group of people that would like to do something
nefarious on wikipedia that are stopped by blocking tor, but I personally
think it would more often be someone wanting to sockpuppet rather than
vandalize. A few checkusers always pop up to mention that they see tor as a
sewage pipe, but making their job easier does not mean the encyclopedia is
better off and they would see a strongly biased sample.

~~~
tptacek
Vandalism, sockpuppetry, two sides of the same 50-sided die.

------
calcnerd256
How easy is it to get ahold of a list of Tor exit nodes? In a nightmare
scenario, would wikimedia's list of blocked IPs be something an oppressive
government might covet?

~~~
kronusaturn
The list is already public. There are many mirrors of it, for example, this
one: <http://dannenberg.ccc.de/tor/server/all>

Knowing that open proxies have been a source of problems for e.g. IRC and
email services, the designers of Tor intentionally made it technically
impossible to hide an exit node to help mitigate the potential for abuse.

~~~
dfc
There are so many things wrong with this comment I do not know where to begin.

"The list is already public" is the understatement of the year. If the list
was not public it would be impossible for clients to build a circuit.

"There are many mirrors of it" is the runner up for understatement of the
year. Every running instance of tor has the capability to publish the list of
exit nodes.

I am not going to pretend to understand anonymous mixes as well as arma, Nick
and Paul and I would like to suggest that you do the same. The designers of
tor did not make it "technically impossible to hide an exit node to help
mitigate the potential for abuse."

It is "technically impossible to hide the exit node list" because without the
list clients would not be able to build functioning circuits. But don't take
my word for it:

"We can't help but make the information available, since Tor clients need to
use it to pick their paths. So if the "blockers" want it, they can get it
anyway. Further, even if we didn't tell clients about the list of relays
directly, somebody could still make a lot of connections through Tor to a test
site and build a list of the addresses they see." [1]

Two of the other sides of tptacek's 50 sided die are censorship resistance and
abuse resistance. Anonymity is hard enough as it is. Do everyone a favor and
refrain from telling us what arma, nick and paul intended...

[1]
[https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#You...](https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#YoushouldhidethelistofTorrelayssopeoplecantblocktheexits).

------
dfc
If you are interested in these types of problems the Freenode IRC network had
some tricky challenges with tor and user access.

~~~
wladimir
I believe they solved this by forcing users to identify if they want to login
through tor, isn't it?

The account needs to have been created through non-tor means (ie, normal SSL).
So they can still ban the creator if someone abuses the network.

I think it's a pretty good, practical solution to a very hard problem.

------
peterbotond
[http://www.iq.harvard.edu/blog/sss/archives/2011/07/detectin...](http://www.iq.harvard.edu/blog/sss/archives/2011/07/detecting_edit.shtml)

------
shii
This is also why 4chan blocks all access from Tor nodes. The only people who
use 4chan from Tor are people posting CP and/or evading their ban.

~~~
aw3c2
And since they block even visitors from Tor I do not ever visit it. I would
not go near that site without protecting my identity/privacy.

------
mukyu
Odd how it mentions softblocks in the theoretical sense since they have been
around for years.

------
drivebyacct2
I don't get it. Why is this posted?

~~~
walrus
Because it's an interesting discussion of how a large site deals with a
difficult problem.

