This page is too crowded: Wikipedia:Village pump (proposals)#Privacy protecting authentication via nym. Moving discussion of the proposal to: User talk:Lunkwill/nym. Also creating a voting section at the bottom of this page. Lunkwill 00:40, 2 December 2005 (UTC)
I don't think we should accept your proposal thanks all the same, dear chap. I like wikipedia the way it is and I think we all do actually. Wikipedia is great.~~
Recently there was a lot of discussion on the tor email list about ways in which tor users could contribute to wikipedia articles. For a while now, all the tor exit nodes have been blocked from editing due to vandals using tor to disguise their actual IP addresses.
(But note that there are also benefits for other users of shared-IP services such as school proxies; see below)
It was proposed that cryptographic techniques could be used to ensure that vandals can be blocked, while still allowing helpful users to edit. I implemented such a system and called it nym. It enforces Wikipedia's current mechanism of filtering incoming users by IP address, but allows users to still enjoy privacy via tor.
To use nym, user Alice would do the following:
There is a live test system for nym, including a MediaWiki installation. You can try this process yourself from this page: nym client.
Say Alice goes to a school which uses a single proxy, and has never heard of tor. Her classmate Bob is a vandal and gets the school blocked regularly. Alice can go home, obtain an SSL certificate from her home computer's IP, then load the certificate on her computer at school using her keychain drive. If it's a shared terminal, she simply removes the certificate at the end of her session.
Most of the ways nym can be abused are no different from the challenges Wikipedia already handles on a daily basis. A vandal with access to many IP addresses can use nym to obtain many certificates, all of which would need to be blocked. But this is already the case with Wikipedia.
Nym has the disadvantage that it hides the originating IP, making it more difficult to identify the source of vandalism, although a vandal using a set of IPs to obtain certificates in succession would still end up with certificates with adjacent serial numbers (which could then be blocked as a group). On the other hand, at least for the Javascript client I've described, obtaining each certificate takes several minutes, whereas traditional Wikipedia vandals can make new edits as quickly as they can switch IP addresses.
Ultimately, Wikipedia must decide whether to support nym. The technical requirements are quite reasonable; mainly, we must decide whether the potential hassles are worth the ability to offer privacy to our editors.
Disadvantages:
Advantages:
Source code and documentation for nym, along with the preprint of an academic paper describing nym, can be found at the nym site.
This page is too crowded: Wikipedia:Village pump (proposals)#Privacy protecting authentication via nym. Moving discussion of the proposal to: User talk:Lunkwill/nym. Also creating a voting section at the bottom of this page. Lunkwill 00:40, 2 December 2005 (UTC)
I don't think we should accept your proposal thanks all the same, dear chap. I like wikipedia the way it is and I think we all do actually. Wikipedia is great.~~
Recently there was a lot of discussion on the tor email list about ways in which tor users could contribute to wikipedia articles. For a while now, all the tor exit nodes have been blocked from editing due to vandals using tor to disguise their actual IP addresses.
(But note that there are also benefits for other users of shared-IP services such as school proxies; see below)
It was proposed that cryptographic techniques could be used to ensure that vandals can be blocked, while still allowing helpful users to edit. I implemented such a system and called it nym. It enforces Wikipedia's current mechanism of filtering incoming users by IP address, but allows users to still enjoy privacy via tor.
To use nym, user Alice would do the following:
There is a live test system for nym, including a MediaWiki installation. You can try this process yourself from this page: nym client.
Say Alice goes to a school which uses a single proxy, and has never heard of tor. Her classmate Bob is a vandal and gets the school blocked regularly. Alice can go home, obtain an SSL certificate from her home computer's IP, then load the certificate on her computer at school using her keychain drive. If it's a shared terminal, she simply removes the certificate at the end of her session.
Most of the ways nym can be abused are no different from the challenges Wikipedia already handles on a daily basis. A vandal with access to many IP addresses can use nym to obtain many certificates, all of which would need to be blocked. But this is already the case with Wikipedia.
Nym has the disadvantage that it hides the originating IP, making it more difficult to identify the source of vandalism, although a vandal using a set of IPs to obtain certificates in succession would still end up with certificates with adjacent serial numbers (which could then be blocked as a group). On the other hand, at least for the Javascript client I've described, obtaining each certificate takes several minutes, whereas traditional Wikipedia vandals can make new edits as quickly as they can switch IP addresses.
Ultimately, Wikipedia must decide whether to support nym. The technical requirements are quite reasonable; mainly, we must decide whether the potential hassles are worth the ability to offer privacy to our editors.
Disadvantages:
Advantages:
Source code and documentation for nym, along with the preprint of an academic paper describing nym, can be found at the nym site.