Hi Faidon,
Thank you for taking the time to respond to this thread.
Post by Faidon Liambotis
[ I didn't see this email from Alec on the thread, was it off-list? ]
[no, it's on the list and in the archive [1] ]
Post by Faidon Liambotis
I've been in touch with Alec and other Tor project members on emails,
in-person Tor project meetings and videoconferences on multiple
occasions in the past couple of years (the last one being a couple of
months ago), so I can speak a little bit about this idea in general, as
well as EOTK specifically.
The EOTK stuff is interesting but not really an option for us -- it
relies on an edge (nginx) server performing content manipulation blindly,
which is a bad idea for many reasons, security amongst them.
It is possible and feasible to actually do it properly, by making some
modifications across our stack (MediaWiki, Varnish/nginx). Just to
mention a couple of issues: one of them is that we need MediaWiki to
emit different URLs for e.g. upload.wikimedia.org resources to point to
the onion address that we will designate for media. For other resources
(like gadgets) it may be even more complicated or even impossible.
Another challenge would be to make Extension:TorBlock aware of the Onion
connections, so that they can be appropriately blocked, as well as
figure out what to log as the users' IP address when they edit, if they
are pre-approved to do so.
Overall, it's not a super complicated project but not a trivial one
either. Maybe a couple of months' time for a motivated individual, who is
already familiar with our stack.
If it wasn't obvious from the above, I have put quite a bit of thought
into it and that's because I share your sentiments about how this is an
important feature we should support and provide to our users, in
alignment with our mission.
Thank you. Also, I never thought that setting up a production service
would be easy. (I mean, a test service that goes down when somebody
sneezes too hard, yeah, it would be easy and I could do that ;-), a
production service no).
Post by Faidon Liambotis
- As long as communities feel so-and-so about Tor overall, and e.g.
block edits from Tor users, it's hard to justify us in the Foundation
investing more time into it, at the expense of other projects. It
feels at odds with our communities' wishes a little bit.
From what I have read from the previous discussions (and in this thread
as well), the main problem that has been raised is related to editing
over Tor for the issues of vandalism, spamming and (more importantly)
sockpuppeting.
I understand that it is natural to consider editing when discussing
this, but it is a much harder problem. From what I see in this
thread I would say, "let's think about one problem at a time".
Post by Faidon Liambotis
- Accessing our sites over the Tor network *is* possible, regardless of
whether we provide an Onion service or not, via exit nodes. An Onion
service is more of a security and performance optimization and,
perhaps more importantly, a statement of support. Making a statement
of support while at the same time communities continue blocking edits
over Tor and we keep maintaining Extension:TorBlock, would be a little
hypocritical of us, the Wikimedia movement, IMHO.
I disagree, on one hand we can show that from a technical and a
community perspective reading and editing are two different problems, on
the other hand we have been blocking Tor for more than 10 years, so if
somebody wants to call us hypocrites they can already do that.
Also, let me say that my impression from the past discussions is that
some requests (coming from people more knowledgeable about Tor than our
projects) were overlooking how the projects and our community works. I
do not want to disparage anybody, simply point out that it is not
automatic to know how our projects work.
All said, though, this is not an excuse not to make a step in the right
direction.
As for the statement of support, this is true. This service would be a
statement of support towards Tor, but as for statements:
* we oppose blocking of Wikipedia by governments;
* our flagship organization is suing the NSA because it has been
spying on our users;
We are already making statements about what is aligned and what is
against our movement's mission and values.
Also - and this is a response to the remark made by Risker - let me say
that the "dark web" is dark only for the part that we let it be dark.
Any statement you can make about the dark web is probably true about the
web in general. The web is still full of many places where you don't
want to go - and, case in point, possibly even more so in 2001 - but
this is not a good reason not to broadcast our project as much as we can.
The web would be a worse place if this movement and our project didn't
exist and exactly for this reason they need to get on the "dark web".
I really like the take of Alec Muffett when he says that we should treat
Tor as a technological stack for "End-to-End Encryption for Computers
to talk to other Computers"[2].
Post by Faidon Liambotis
- Looking at it more broadly, Foundation-wide, if we had to invest
resources into our Tor support, I think adding Tor support to our
mobile apps would be a better use of our limited resources.
It would probably be the most useful thing to do, also better than
nothing :-).
Post by Faidon Liambotis
Hope this helps. Happy to help you move this forward if there are ways
to do so.
I am trying to do what I can.
Cristian
[1]: https://lists.wikimedia.org/pipermail/wikimedia-l/2017-June/087753.html
[2]: https://medium.com/@alecmuffett/tor-is-end-to-end-encryption-for-computers-to-talk-to-other-computers-34e41d81c9e2