[Wikimedia-l] Let's set up a Tor onion service for Wikipedia

I think that's an excellent idea and very much aligned with our commitment
to provide free information also for those who are living under unfavorable
conditions.

I personally endorse it.

Thanks Cristian for suggesting it.

Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden) service to
https://meta.wikimedia.org/wiki/Grants:IdeaLab/A_Tor_
Onion_Service_for_Wikipedia
I was thinking about this and I also discovered that the Internet
www.hackerfactor.com/blog/index.php?/archives/750-
Freedom-of-Information.html
I would like to have some feedback on this, I am also in contact with
the author of the aforementioned proxy which could be able to give some
help in setting it up.
Thank you.
Cristian
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

David Gerard

2017-06-05 17:43:44 UTC

Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.

- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our commitment
to provide free information also for those who are living under unfavorable
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l

John

2017-06-05 17:47:51 UTC

enabling read access via Tor shouldn't be an issue, however editing should
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Gabriel Thullen

2017-06-05 18:53:58 UTC

I imagine registered users could edit through TOR. That is how it works
with my school IP: anonymous edits are blocked, account creation as well,
but you can sign in an edit.

Post by John
enabling read access via Tor shouldn't be an issue, however editing should
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden) service

Post by Cristian Consonni
https://meta.wikimedia.org/wiki/Grants:IdeaLab/A_Tor_
Onion_Service_for_Wikipedia
I was thinking about this and I also discovered that the Internet
www.hackerfactor.com/blog/index.php?/archives/750-
Freedom-of-Information.html
I would like to have some feedback on this, I am also in contact with
the author of the aforementioned proxy which could be able to give

some

Post by Cristian Consonni
help in setting it up.
Thank you.
Cristian
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Post by David Cuenca Tudela
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

John

2017-06-05 19:01:41 UTC

Im not going to violate BEANS, but even allowing accounts to edit without
further hurdles isn't going to work. Because of the anonymity that tor
provides its fairly easy to cause widespread issues. When the vandals start
actually using tactics the flood gates of TOR will cause massive issues
cross wiki that requires steward level intervention on a regular basis.

Post by Gabriel Thullen
I imagine registered users could edit through TOR. That is how it works
with my school IP: anonymous edits are blocked, account creation as well,
but you can sign in an edit.

Post by John
enabling read access via Tor shouldn't be an issue, however editing

should

Post by John
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden) service

with

Post by Cristian Consonni
the author of the aforementioned proxy which could be able to give

some

Post by Cristian Consonni
help in setting it up.
Thank you.
Cristian
_______________________________________________

https://meta.wikimedia.org/

Post by Cristian Consonni
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l

unsubscribe>

Post by David Cuenca Tudela
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

Post by David Gerard
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

John Erling Blad

2017-06-13 20:34:44 UTC

Blocking a registered user on TOR is not different from blocking a
registered user outside TOR.

Post by John
Im not going to violate BEANS, but even allowing accounts to edit without
further hurdles isn't going to work. Because of the anonymity that tor
provides its fairly easy to cause widespread issues. When the vandals start
actually using tactics the flood gates of TOR will cause massive issues
cross wiki that requires steward level intervention on a regular basis.

Post by John
enabling read access via Tor shouldn't be an issue, however editing

should

Post by John
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden)

service

Post by John
to

with

Post by Cristian Consonni
the author of the aforementioned proxy which could be able to give

some

Post by Cristian Consonni
help in setting it up.
Thank you.
Cristian
_______________________________________________

https://meta.wikimedia.org/

Post by Cristian Consonni
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l

unsubscribe>

Post by David Cuenca Tudela
_______________________________________________

https://meta.wikimedia.org/

Post by David Gerard
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

mailman/listinfo/wikimedia-l,

Post by John
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Lane Rasberry

2017-06-13 21:09:16 UTC

This conversation has gone in multiple directions. It started with reading
Wikipedia through a hidden service. I am interested only in talking about
editing Wikipedia with Tor.

I feel that the negativity in this thread against Tor is unwarranted and
ignorant. I can confirm that Wikipedia needs its defense and should not
open pathways to let problematic users vandalize Wikipedia. I dispute that
there is any reason to believe that having a safe process for granting
editing rights to certain vetted Tor users should be problematic. In fact,
block exemptions are not granted in a reasonable way.

In discussions about Tor often I feel like users become wild and
accusatory. When I hear harsh accusations, I often feel that they are
coming from people who do not understand the proposals that have come in
over the years for allowing Tor access to certain users. The big recurring
idea is that users with registered accounts can request review for their
wiki editing, or new accounts could be watched or sponsored by established
users. If they pass review, they get to edit from Tor. If they do not pass
review, then they cannot. Anyone who says, "No Tor, it would create a flood
of bad edits" is probably unaware of what Tor advocates are requesting, or
at least, I have never heard from anyone who has this view and who could
have a conversation.

Here are some stories I have heard from established Wikipedia editors who
want to edit with Tor:

- A well known LGBT+ activist and contributor to projects in the open
movement lives in a country where being LGBT+ is a serious crime.
- A person who is in the witness protection
<https://en.wikipedia.org/wiki/witness_protection> program of their
country and is willing to share government provided proof of their need for
privacy has made a request for an en:Wikipedia:IP block exemption
<https://en.wikipedia.org/wiki/Wikipedia:IP_block_exemption>, and was
denied and cannot edit with Tor.
- A major international conference in the open movement hosted a speaker
and presenter who claimed to be a refugee from their own country and
expected never to return, and claimed that editing Wikipedia was the
primary factor in their government's persecution of them.

Restricting these kinds of users is sad and unnecessary. On-wiki and by
email are not paths to reasonable conversation on this topic. If anyone
wants to have conversation I would talk by phone or video chat. I also
posted a lot about this on-wiki, but it is a lot to take in.

More reading -

RfC: Grant exemptions to users in good standing on request
<
https://en.wikipedia.org/wiki/Wikipedia_talk:IP_block_exemption#RfC:_Grant_exemptions_to_users_in_good_standing_on_request
Partnership between Wikimedia community and Tor community
<
https://meta.wikimedia.org/wiki/Grants:IdeaLab/Partnership_between_Wikimedia_community_and_Tor_community

Post by John Erling Blad
Blocking a registered user on TOR is not different from blocking a
registered user outside TOR.

start

Post by John
actually using tactics the flood gates of TOR will cause massive issues
cross wiki that requires steward level intervention on a regular basis.

Post by Gabriel Thullen
I imagine registered users could edit through TOR. That is how it works
with my school IP: anonymous edits are blocked, account creation as

well,

Post by Gabriel Thullen
but you can sign in an edit.

Post by John
enabling read access via Tor shouldn't be an issue, however editing

should

Post by John
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden)

service

Post by John
to

Post by Cristian Consonni
https://meta.wikimedia.org/wiki/Grants:IdeaLab/A_Tor_
Onion_Service_for_Wikipedia
I was thinking about this and I also discovered that the

Internet

Post by Cristian Consonni
www.hackerfactor.com/blog/index.php?/archives/750-
Freedom-of-Information.html
I would like to have some feedback on this, I am also in contact

with

Post by Cristian Consonni
the author of the aforementioned proxy which could be able to

give

Post by John
some

Post by Cristian Consonni
help in setting it up.
Thank you.
Cristian
_______________________________________________

https://meta.wikimedia.org/

Post by Cristian Consonni
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l

unsubscribe>

Post by David Cuenca Tudela
_______________________________________________

https://meta.wikimedia.org/

Post by David Gerard
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

unsubscribe>

Post by David Gerard
_______________________________________________

https://meta.wikimedia.org/

Post by David Gerard
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

unsubscribe>

mailman/listinfo/wikimedia-l,

Post by Gabriel Thullen
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

--
Lane Rasberry
user:bluerasberry on Wikipedia
206.801.0814
***@bluerasberry.com

John

2017-06-05 19:01:42 UTC

Post by John
enabling read access via Tor shouldn't be an issue, however editing

should

Post by John
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden) service

with

Post by Cristian Consonni
the author of the aforementioned proxy which could be able to give

some

Post by Cristian Consonni
help in setting it up.
Thank you.
Cristian
_______________________________________________

https://meta.wikimedia.org/

Post by Cristian Consonni
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l

unsubscribe>

Post by David Cuenca Tudela
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/

mailman/listinfo/wikimedia-l,

Yongmin H.

2017-06-05 19:47:47 UTC

Nope.

Tor users needs `ip block exempt` or `global ip block exempt` to edit.

https://en.wikipedia.org/wiki/Wikipedia:IP_block_exemption seem to say so too. ("In highly exceptional circumstances, an editor may be permitted to edit anonymously, via Tor or another anonymizing proxy.")

--
Yongmin

Sent from my iPhone
https://wp.revi.blog
Please note that this address is list-only address and any non-mailing list mails will be treated as spam.
Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a.

Post by John
enabling read access via Tor shouldn't be an issue, however editing should
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden) service

some

Post by David Cuenca Tudela
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l

Todd Allen

2017-06-05 20:19:01 UTC

With the recent ruling about ISPs being allowed to collect and sell user
data in the US, we're at "highly exceptional circumstances". Good Internet
citizens allow anonymous participation. We can soft block them, but surely
we can revert vandals and block their accounts.

If we can't even manage that, we have problems far deeper than Tor.

Todd

Post by Yongmin H.
Nope.
Tor users needs `ip block exempt` or `global ip block exempt` to edit.
https://en.wikipedia.org/wiki/Wikipedia:IP_block_exemption seem to say so
too. ("In highly exceptional circumstances, an editor may be permitted to
edit anonymously, via Tor or another anonymizing proxy.")
--
Yongmin
Sent from my iPhone
https://wp.revi.blog
Please note that this address is list-only address and any non-mailing
list mails will be treated as spam.
Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a.

Post by John
enabling read access via Tor shouldn't be an issue, however editing

should

Post by John
not be allowed due to high volume of known abuse from that vector.

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
- d.

Post by David Cuenca Tudela
I think that's an excellent idea and very much aligned with our

commitment

Post by David Cuenca Tudela
to provide free information also for those who are living under

unfavorable

Post by David Cuenca Tudela
conditions.
I personally endorse it.
Thanks Cristian for suggesting it.
Regards,
Micru

Post by Cristian Consonni
Hi,
I have written a proposal about setting up an onion (hidden) service

some

mailman/listinfo/wikimedia-l

Post by David Cuenca Tudela
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by David Cuenca Tudela
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/

wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l

Post by Gabriel Thullen
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Cristian Consonni

2017-06-05 21:06:51 UTC

Post by Todd Allen
With the recent ruling about ISPs being allowed to collect and sell user
data in the US, we're at "highly exceptional circumstances". Good Internet
citizens allow anonymous participation. We can soft block them, but surely
we can revert vandals and block their accounts.
If we can't even manage that, we have problems far deeper than Tor.
I agree that sockpuppets are a real problem, but they manage fine

right now

Post by Todd Allen
without going through Tor. There are quite a few ways to connect up using
different IPs as it is now, so the real problem remains: the

sockpuppeteers

Post by Todd Allen
themselves.

I understand your point of view and I am sympathetic to it. I also would
like to find a solution to this problem right now, but what I have seen
reading the past discussions is that in the last 10+ years our community
has not been able to find a shared, workable proposal for allowing
editing over Tor for everybody. In the end, I trust the opinion of those
who have participated in the past discussions (with many very
experienced users participating in them) to be better informed than
myself on the topic of fighting sockpuppeteers, vandals and spammers.

At the same time, what I am proposing is dealing with a single problem
at a time, and also a different thing. An onion service would be good
regardless of the fact that it can be used just for reading or for
reading and writing.

To the best of my knowledge, the current proposal shouldn't cause any
disruption to the projects with our current policies (and, please, you
are invited point out any issues you may see with it).

Also, if we see that this service is used then we may have an additional
data point to reason about the opportunity of allowing editing over Tor.
In other words, if we have many readers maybe we could have some
editors, too, and it would be more justified to put some resources
towards trying to solve this much harder problem.

Cristian

Cristian Consonni

2017-06-05 20:20:26 UTC

Post by David Gerard
Editing may be a tricky one, particularly on en:wp, which has found
Tor exit points to overwhelmingly be fountains of garbage, and
automatically blocks them.
enabling read access via Tor shouldn't be an issue, however editing should
not be allowed due to high volume of known abuse from that vector.
Im not going to violate BEANS, but even allowing accounts to edit without
further hurdles isn't going to work. Because of the anonymity that tor
provides its fairly easy to cause widespread issues. When the vandals

start

Post by David Gerard
actually using tactics the flood gates of TOR will cause massive issues
cross wiki that requires steward level intervention on a regular basis.

Allow me to reiterate that I am not proposing any change to the current
policies regarding editing via Tor or other open proxies. Even with an
onion service, anonymous editing will still be blocked and registered
users will still need to apply for IP block exemption before being able
to edit.

I have read several discussions on the topic (going back to 2006) and
what I have understood from those is that the biggest issue with editing
via Tor is sockpuppeting. Vandals and spammer could be handled (and
blocked), sockpuppets would be much harder to identify. The problem is
hard because it solving it requires to have a way to identify that two
accounts with different IPs are related to the same real person without
at the same time destroying the anonymity provided by Tor. There has
been research on the topic (see, for example, Nymble[1]) but at the very
least it would require some additional technical setup and testing.

With this proposal I am not trying to solve that problem.

I am just pointing out that:
1. having an onion service would increase the privacy of our readers and
the (very few) people who are already allowed to edit via Tor.
2. is harder to block access to an onion service than to wikipedia.org
(you basically need to block all accesses to Tor, but there are ways to
circumvent that, too[2]).
3. supporting privacy-enhancing technology is good and people may need
it or maybe they will start using Tor more.

As it stands now, the biggest impact of this project (if it is
successful) would be on operations and analytics.

Cristian

[1]: https://cgi.soic.indiana.edu/~kapadia/nymble/overview.php
[2]: https://www.torproject.org/docs/pluggable-transports

Gabriel Thullen

2017-06-05 20:34:19 UTC

I agree that sockpuppets are a real problem, but they manage fine right now
without going through Tor. There are quite a few ways to connect up using
different IPs as it is now, so the real problem remains: the sockpuppeteers
themselves.

Gabe

should

Post by David Gerard
not be allowed due to high volume of known abuse from that vector.
Im not going to violate BEANS, but even allowing accounts to edit without
further hurdles isn't going to work. Because of the anonymity that tor
provides its fairly easy to cause widespread issues. When the vandals

start

Post by David Gerard
actually using tactics the flood gates of TOR will cause massive issues
cross wiki that requires steward level intervention on a regular basis.

Allow me to reiterate that I am not proposing any change to the current
policies regarding editing via Tor or other open proxies. Even with an
onion service, anonymous editing will still be blocked and registered
users will still need to apply for IP block exemption before being able
to edit.
I have read several discussions on the topic (going back to 2006) and
what I have understood from those is that the biggest issue with editing
via Tor is sockpuppeting. Vandals and spammer could be handled (and
blocked), sockpuppets would be much harder to identify. The problem is
hard because it solving it requires to have a way to identify that two
accounts with different IPs are related to the same real person without
at the same time destroying the anonymity provided by Tor. There has
been research on the topic (see, for example, Nymble[1]) but at the very
least it would require some additional technical setup and testing.
With this proposal I am not trying to solve that problem.
1. having an onion service would increase the privacy of our readers and
the (very few) people who are already allowed to edit via Tor.
2. is harder to block access to an onion service than to wikipedia.org
(you basically need to block all accesses to Tor, but there are ways to
circumvent that, too[2]).
3. supporting privacy-enhancing technology is good and people may need
it or maybe they will start using Tor more.
As it stands now, the biggest impact of this project (if it is
successful) would be on operations and analytics.
Cristian
[1]: https://cgi.soic.indiana.edu/~kapadia/nymble/overview.php
[2]: https://www.torproject.org/docs/pluggable-transports
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

MZMcBride

2017-06-05 23:34:22 UTC

Post by Cristian Consonni
I have read several discussions on the topic (going back to 2006) and
what I have understood from those is that the biggest issue with editing
via Tor is sockpuppeting.

This Phabricator comment you found seems pretty useful:
<https://phabricator.wikimedia.org/T71333#728636>.

And Faidon posted in November 2014 about the establishment of a Tor relay:
https://lists.wikimedia.org/pipermail/wikitech-l/2014-November/079392.html

How does your proposal interact (if at all) with the existing Tor relay
set up in late 2014?

It's unclear to me whether "Tor onion service" in this context is
equivalent to a Tor exit node. I'm fairly sure setting up the latter has
been discussed previously on wikimedia-l and/or wikitech-l.

MZMcBride

Risker

2017-06-06 00:10:50 UTC

As far as I can tell (and from comments made in the past by actual Tor
users), there is no problem whatsoever for Tor users to read Wikipedia
while using Tor. Editing is a completely different situation - and well it
should be, given the pure unadulterated trash that tends to come in
whenever a Tor exit node is missed in the routine lockdowns.

I recognize the concerns about ISP tracking and what I assume most
Wikimedians would consider inappropriate use of their browsing
information. I understand why more and more Wikimedians are electing to
use VPNs and other more secure methods of accessing the internet. But VPNs
are also heavily abused - not just by socks, but by individuals who
consciously and intentionally disrupt projects - and thus more and more of
them are getting locked in "only accounts can edit" or even "only IPBE can
edit" mode - often on a global basis, not just one individual wiki. It
occurs to me that we can probably be more liberal in handing out IPBE -
which covers both Tor users and VPN users. It's not an idea situation,
since people have to establish their account history before anyone's going
to hand them IPBE, but it is probably better than nothing. And yes, the
place to ask is at Global IPBE, because getting IPBE on only one project is
unhelpful if one also pitches in elsewhere (Wikidata, Commons, etc.).

Risker/Anne

Post by MZMcBride

Post by Cristian Consonni
I have read several discussions on the topic (going back to 2006) and
what I have understood from those is that the biggest issue with editing
via Tor is sockpuppeting.

<https://phabricator.wikimedia.org/T71333#728636>.
https://lists.wikimedia.org/pipermail/wikitech-l/2014-November/079392.html
How does your proposal interact (if at all) with the existing Tor relay
set up in late 2014?
It's unclear to me whether "Tor onion service" in this context is
equivalent to a Tor exit node. I'm fairly sure setting up the latter has
been discussed previously on wikimedia-l and/or wikitech-l.
MZMcBride
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Vi to

2017-06-06 00:23:06 UTC

By the way a certain degree of accountability is needed.

There cannot be any privacy for "wikingers" or people bringing cyberbulling
to wiki.

Vito

Post by Risker
As far as I can tell (and from comments made in the past by actual Tor
users), there is no problem whatsoever for Tor users to read Wikipedia
while using Tor. Editing is a completely different situation - and well it
should be, given the pure unadulterated trash that tends to come in
whenever a Tor exit node is missed in the routine lockdowns.
I recognize the concerns about ISP tracking and what I assume most
Wikimedians would consider inappropriate use of their browsing
information. I understand why more and more Wikimedians are electing to
use VPNs and other more secure methods of accessing the internet. But VPNs
are also heavily abused - not just by socks, but by individuals who
consciously and intentionally disrupt projects - and thus more and more of
them are getting locked in "only accounts can edit" or even "only IPBE can
edit" mode - often on a global basis, not just one individual wiki. It
occurs to me that we can probably be more liberal in handing out IPBE -
which covers both Tor users and VPN users. It's not an idea situation,
since people have to establish their account history before anyone's going
to hand them IPBE, but it is probably better than nothing. And yes, the
place to ask is at Global IPBE, because getting IPBE on only one project is
unhelpful if one also pitches in elsewhere (Wikidata, Commons, etc.).
Risker/Anne

Post by MZMcBride

Post by Cristian Consonni
I have read several discussions on the topic (going back to 2006) and
what I have understood from those is that the biggest issue with editing
via Tor is sockpuppeting.

<https://phabricator.wikimedia.org/T71333#728636>.
And Faidon posted in November 2014 about the establishment of a Tor
https://lists.wikimedia.org/pipermail/wikitech-l/2014-

November/079392.html

Post by MZMcBride
How does your proposal interact (if at all) with the existing Tor relay
set up in late 2014?
It's unclear to me whether "Tor onion service" in this context is
equivalent to a Tor exit node. I'm fairly sure setting up the latter has
been discussed previously on wikimedia-l and/or wikitech-l.
MZMcBride
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Cristian Consonni

2017-06-06 10:22:53 UTC

Post by Risker
As far as I can tell (and from comments made in the past by actual Tor
users), there is no problem whatsoever for Tor users to read Wikipedia
while using Tor.

Let me put it this way, I am sure that the WMF will always do its best
to protect the privacy of our readers and editors. Alas, I am much more
concerned by third parties trying to snoop on our users. We also know
that this kind of surveillance happened and that's also why the WMF is
currently engaged in a lawsuit against the NSA.

Using Tor to visit (i.e. read) wikipedia.org provides additional privacy
and users can also circumvent blocks in their country, if necessary.
Having an onion service gives similar benefits.

Furthermore, I think it is very important that major Internet websites
provide themselves as an onion service. Even Facebook did it (at
https://www.facebookcorewwwi.onion/) and there are good privacy and
censorship-circumventing reasons for this[1]. I think that the least
difference between the "privacy enhanced" (aka dark) net and the regular
internet there is the more people will consider to use Tor. I think this
is a good thing.

Frankly, I hate it when I hear Tor and onion services nominated by
newspapers and newscasts only when talking about illegal activities.
Then I remind myself that Snowden used Tor extensively and without it we
probably would have not know about the NSA mass surveillance.

I think that having an onion service may be useful, but I also think
that we could have it just because we should.

Post by Risker
Editing is a completely different situation - and well it
should be, given the pure unadulterated trash that tends to come in
whenever a Tor exit node is missed in the routine lockdowns.

Andrea Zanni

2017-06-07 22:28:51 UTC

Quick update,
as this story went on Motherboard
https://motherboard.vice.com/en_us/article/wikipedians-want-to-to-put-wikipedia-on-the-dark-web
;-)

Aubrey

Post by Cristian Consonni

Post by Risker
As far as I can tell (and from comments made in the past by actual Tor
users), there is no problem whatsoever for Tor users to read Wikipedia
while using Tor.

Let me put it this way, I am sure that the WMF will always do its best
to protect the privacy of our readers and editors. Alas, I am much more
concerned by third parties trying to snoop on our users. We also know
that this kind of surveillance happened and that's also why the WMF is
currently engaged in a lawsuit against the NSA.
Using Tor to visit (i.e. read) wikipedia.org provides additional privacy
and users can also circumvent blocks in their country, if necessary.
Having an onion service gives similar benefits.
Furthermore, I think it is very important that major Internet websites
provide themselves as an onion service. Even Facebook did it (at
https://www.facebookcorewwwi.onion/) and there are good privacy and
censorship-circumventing reasons for this[1]. I think that the least
difference between the "privacy enhanced" (aka dark) net and the regular
internet there is the more people will consider to use Tor. I think this
is a good thing.
Frankly, I hate it when I hear Tor and onion services nominated by
newspapers and newscasts only when talking about illegal activities.
Then I remind myself that Snowden used Tor extensively and without it we
probably would have not know about the NSA mass surveillance.
I think that having an onion service may be useful, but I also think
that we could have it just because we should.

I understand the difficulties. Again, I don't think we should conflate
the idea of providing Wikipedia as an onion service with the issues
related to editing Wikipedia over Tor or open proxies.
https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Cristian Consonni

2017-06-10 14:30:48 UTC

Hi,

I have found now this paper that seems relevant to this conversation:

Forte, Andrea, Nazanin Andalibi, and Rachel Greenstadt
"Privacy, anonymity, and perceived risk in open collaboration: a study
of Tor users and Wikipedians."
Proceedings of Computer-Supported Cooperative Work and Social Computing
(CSCW). Portland, OR. CSCW 17 (2017): 12.
http://andreaforte.net/ForteCSCW17-Anonymity.pdf

Cristian

David Gerard

2017-06-10 14:38:58 UTC

Apposite, but defective in a number of respects; also, explicitly advocacy
for Tor editing without really addressing the objections to it (that it's
99+% a firehose of garbage).

Rather than me reading through several pages to pick out what you might
mean, could you please quote the bits you consider particularly make a
relevant point?

- d.

Post by Cristian Consonni
Hi,
Forte, Andrea, Nazanin Andalibi, and Rachel Greenstadt
"Privacy, anonymity, and perceived risk in open collaboration: a study
of Tor users and Wikipedians."
Proceedings of Computer-Supported Cooperative Work and Social Computing
(CSCW). Portland, OR. CSCW 17 (2017): 12.
http://andreaforte.net/ForteCSCW17-Anonymity.pdf
Cristian
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Gordon Joly

2017-06-10 20:16:35 UTC

Post by David Gerard
Rather than me reading through several pages to pick out what you might
mean, could you please quote the bits you consider particularly make a
relevant point?
- d.

Well, here is the abstract.

Gordon

*****************************************
ABSTRACT
This qualitative study examines privacy practices and
concerns among contributors to open collaboration projects.
We collected interview data from people who use the
anonymity network Tor who also contribute to online
projects and from Wikipedia editors who are concerned
about their privacy to better understand how privacy
concerns impact participation in open collaboration
projects. We found that risks perceived by contributors to
open collaboration projects include threats of surveillance,
violence, harassment, opportunity loss, reputation loss, and
fear for loved ones. We explain participants’ operational
and technical strategies for mitigating these risks and how
these strategies affect their contributions. Finally, we
discuss chilling effects associated with privacy loss, the
need for open collaboration projects to go beyond attracting
and educating participants to consider their privacy, and
some of the social and technical approaches that could be
explored to mitigate risk at a project or community level.

Author Keywords

Wikipedia; Tor; Risk; Privacy; Identity

ACM Classification Keywords

H.5.m. Information interfaces and presentation (e.g., HCI):
Miscellaneous

Alec Muffett

2017-06-07 18:24:18 UTC

If it helps, I built an betatest onion for Wikipedia and all(?) the
Wikimedia Foundation websites using EOTK* a few months ago, and documented
the build process at:

https://github.com/alecmuffett/eotk/blob/master/docs.d/RUNBOOK.md

A basic test onion takes about 5..10 minutes to set up on Ubuntu or
OSX/Homebrew.

A scalable full production loadbalanced deployment on some kind of cloud or
server(s) should take a day or two, plus time to buy an Onion SSL
Certificate where appropriate.

- alec

* Enterprise Onion Toolkit

Cristian Consonni

2017-06-14 14:27:12 UTC

Post by Alec Muffett
If it helps, I built an betatest onion for Wikipedia and all(?) the
Wikimedia Foundation websites using EOTK* a few months ago, and documented
https://github.com/alecmuffett/eotk/blob/master/docs.d/RUNBOOK.md
A basic test onion takes about 5..10 minutes to set up on Ubuntu or
OSX/Homebrew.
A scalable full production loadbalanced deployment on some kind of cloud orse
server(s) should take a day or two, plus time to buy an Onion SSL
Certificate where appropriate.

Thanks Alec.

I would also point out the offer you made in a tutorial video for EOTK[1]:

"If anyone from Wikipedia or Wikimedia is watching this video I would
gladly help you guys set one of this up officially because it is really
cool"

It is. It also useful, mission-aligned, and important.

So, please read my proposal as "Take this offer from Alec Muffett"

Cristian

[1]:

Faidon Liambotis

2017-06-14 14:57:30 UTC

Hi Cristian,

[ I didn't see this email from Alec on the thread, was it off-list? ]

I've been in touch with Alec and other Tor project members on emails,
in-person Tor project meetings and videoconferences on multiple
occasions in the past couple of years (the last one being a couple of
months ago), so I can speak a little bit about this idea in general, as
well as EOTK specifically.

The EOTK stuff are interesting but not really an option for us -- they
rely on a edge (nginx) server performing content manipulation blindly,
which is a bad idea for many reasons, security amongst them.

It is possible and feasible to actually do it properly, by making some
modifications across our stack (MediaWiki, Varnish/nginx). Just to
mention a couple of issues: one of them is that we need MediaWiki to
emit different URLs for e.g. upload.wikimedia.org resources to point to
the onion address that we will designate for media. For other resources
(like gadgets) it may be even more complicated or even impossible.
Another challenge would be to make Extension:TorBlock aware of the Onion
connections, so that they can be appropriately blocked, as well as
figure out what to log as the users' IP address when they edit, if they
are pre-approved to do so.

Overall, it's not a super complicated project but not a trivial one
either. Maybe a couple of months time for a motivated individual, who is
already familiar with our stack.

If it wasn't obvious from the above, I have put quite a bit of thought
into it and that's because I share your sentiments about how this is an
important feature we should support and provide to our users, in
alignment with our mission.

However, it hasn't been a priority for me or my team for these reasons:
- As long as communities feel so-and-so about Tor overall, and e.g.
block edits from Tor users, it's hard to justify us in the Foundation
investing more time into it, at the expense of other projects. It
feels at odds with our communities' wishes a little bit.

- Accessing our sites over the Tor network *is* possible, regardless of
whether we provide an Onion service or not, via exit nodes. An Onion
service is more of a security and performance optimization and,
perhaps more importantly, a statement of support. Making a statement
of support while at the same time communities continue blocking edits
over Tor and we keep maintaining Extension:TorBlock, would be a little
hypocritical of us, the Wikimedia movement, IMHO.

- Looking at it more broadly, Foundation-wide, if we had to invest
resources into our Tor support, I think adding Tor support to our
mobile apps would be a better use of our limited resources.

Hope this helps. Happy to help you move this forward if there are ways
to do so.

Best regards,
Faidon
--
Faidon Liambotis
Principal Engineer, Technical Operations
Wikimedia Foundation

Post by Cristian Consonni

Thanks Alec.
"If anyone from Wikipedia or Wikimedia is watching this video I would
gladly help you guys set one of this up officially because it is really
cool"
It is. It also useful, mission-aligned, and important.
So, please read my proposal as "Take this offer from Alec Muffett"
Cristian
[1]: http://youtu.be/HNJaMNVCb-U
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l

Brad Jorsch (Anomie)

2017-06-14 15:08:51 UTC

Just to mention a couple of issues: one of them is that we need MediaWiki
to emit different URLs for e.g. upload.wikimedia.org resources to point
to the onion address that we will designate for media.

That part reminds me a bit of https://phabricator.wikimedia.org/T156847,
which is about outputting different addresses in links for the mobile site
versus the desktop site. The same solution might work for both onion links
and mobile site links.

--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation

Alec Muffett

2017-06-15 18:54:20 UTC

Post by Brad Jorsch (Anomie)
That part reminds me a bit of https://phabricator.wikimedia.org/T156847,
which is about outputting different addresses in links for the mobile site
versus the desktop site. The same solution might work for both onion links
and mobile site links.

This is basically what we did at Facebook; architecture and other tips are
published at https://storify.com/AlecMuffett/tor-tips

The only real "gotcha" with such an approach is to only "onionify" links
which are in the process of being rendered to go to the user's browser; if
your software stack also makes site-internal fetches (eg: for database
access) in order to render a page, then onionifying *those* will result in
badness.

The other nice thing to bear in mind is that onionification is generally
best done with 1:1 mappings between onion addresses and DNS domains, and
that consistency is beneficial; in other words:

foo.com <-> aaaa1111.onion
bar.com <-> bbbb2222.onion

...and even if you are rendering a page for foo.com/aaaa1111, you'll get a
nicer experience by also fixing-up the bar.com/bbbb2222 HREFs, should you
happen to generate any.

This is one point where EOTK wins-out, because it operates after-the-fact
of content generation & site caching, so has a marginally easier time; the
demo EOTK config for a Wikipedia onion currently performs 11 simultaneous
mappings, as documented at:
https://github.com/alecmuffett/eotk/blob/master/demo.d/wikipedia.tconf

- alec

--
http://dropsafe.crypticide.com/aboutalecm

Dariusz Jemielniak

2017-06-14 15:12:39 UTC

hi Faidon,

Post by Faidon Liambotis
- As long as communities feel so-and-so about Tor overall, and e.g.
block edits from Tor users, it's hard to justify us in the Foundation
investing more time into it, at the expense of other projects. It
feels at odds with our communities' wishes a little bit.

the reason to think about some use of Tor for me, considering the mixed
feelings about the technology in our community, would be in the app, and
just for reading. If our app used Tor by default, all users in Turkey would
magically find Wikipedia to work on their phones :)

Facebook app allows Tor, but not by default (because it kills
notifications).

I believe that such a use of Tor would possibly be neutral to many people
who otherwise oppose allowing editing through Tor.

dj

Cristian Consonni

2017-06-14 16:58:30 UTC

Hi Faidon,

Thank you for taking the time to respond to this thread.

Post by Faidon Liambotis
[ I didn't see this email from Alec on the thread, was it off-list? ]

[no, it's on the list and in the archive [1] ]

Post by Faidon Liambotis
I've been in touch with Alec and other Tor project members on emails,
in-person Tor project meetings and videoconferences on multiple
occasions in the past couple of years (the last one being a couple of
months ago), so I can speak a little bit about this idea in general, as
well as EOTK specifically.
The EOTK stuff are interesting but not really an option for us -- they
rely on a edge (nginx) server performing content manipulation blindly,
which is a bad idea for many reasons, security amongst them.
It is possible and feasible to actually do it properly, by making some
modifications across our stack (MediaWiki, Varnish/nginx). Just to
mention a couple of issues: one of them is that we need MediaWiki to
emit different URLs for e.g. upload.wikimedia.org resources to point to
the onion address that we will designate for media. For other resources
(like gadgets) it may be even more complicated or even impossible.
Another challenge would be to make Extension:TorBlock aware of the Onion
connections, so that they can be appropriately blocked, as well as
figure out what to log as the users' IP address when they edit, if they
are pre-approved to do so.
Overall, it's not a super complicated project but not a trivial one
either. Maybe a couple of months time for a motivated individual, who is
already familiar with our stack.
If it wasn't obvious from the above, I have put quite a bit of thought
into it and that's because I share your sentiments about how this is an
important feature we should support and provide to our users, in
alignment with our mission.

Thank you. Also, I never thought that setting up a production service
would be easy. (I mean, a test service that goes down when somebody
sneezes too hard, yeah, it would be easy and I could do that ;-), a
production service no).

From what I have read from the previous discussions (and in this thread
as well), the main problem that has been raised is related with editing
over Tor for the issues of vandalism, spamming and (more importantly)
sockpuppeting.

I understand that it is natural to consider editing when discussing
about this, but it is a much harder problem. From what I see in this
thread I would say, "let's think about one problem at a time".

Post by Faidon Liambotis
- Accessing our sites over the Tor network *is* possible, regardless of
whether we provide an Onion service or not, via exit nodes. An Onion
service is more of a security and performance optimization and,
perhaps more importantly, a statement of support. Making a statement
of support while at the same time communities continue blocking edits
over Tor and we keep maintaining Extension:TorBlock, would be a little
hypocritical of us, the Wikimedia movement, IMHO.

I disagree, on one hand we can show that from a technical and a
community perspective reading and editing are two different problems, on
the other hand we have being blocking Tor for more than 10 years, so if
somebody wants to call us hypocrites they can already do that.

Also, let me say that my impression from the past discussions is that
some requests (coming from people more knowledgeable about Tor than our
projects) were overlooking how the projects and our community works. I
do not want to disparage anybody, simply point out that it is not
automatic to know how ours projects work.

All said, though, this is not an excuse not to make a step in the right
direction.

As for the statement of support, this is true. This service would be a
statement of support towards Tor, but as for statements:
* we oppose blocking of Wikipedia by governments;
* our flagship organization is suing the NSA because it has been
spying on our users;
We are already making statements about what is aligned and what is
against our movement's mission and values.

Also - and this is a response to the remark made by Risker - let me say
that the "dark web" is dark only for the part that we let it be dark.

Any statement you can make about the dark web is probably true about the
web in general. The web is still full of many places where you don't
want to go - and, case in point, possibly even more so in 2001 - but
this is not a good reason not to broadcast our project as much as we can.

The web would be a worse place if this movement and our project didn't
exist and exactly for this reason they need to get on the "dark web".

I really like the take of Alec Muffett when he says that we should treat
Tor as technological stack that for "End-to-End Encryption for Computers
to talk to other Computers"[2].

Post by Faidon Liambotis
- Looking at it more broadly, Foundation-wide, if we had to invest
resources into our Tor support, I think adding Tor support to our
mobile apps would be a better use of our limited resources.

It would probably be the most useful thing to do, also better than
nothing :-).

Post by Faidon Liambotis
Hope this helps. Happy to help you move this forward if there are ways
to do so.

I am trying to do what I can.

Cristian

[1]: https://lists.wikimedia.org/pipermail/wikimedia-l/2017-June/087753.html
[2]:
https://medium.com/@alecmuffett/tor-is-end-to-end-encryption-for-computers-to-talk-to-other-computers-34e41d81c9e2

Alec Muffett

2017-06-14 15:12:49 UTC

Post by Faidon Liambotis
The EOTK stuff are interesting but not really an option for us -- they
rely on a edge (nginx) server performing content manipulation blindly,
which is a bad idea for many reasons, security amongst them.

Hi again Faidon!

I'd love to know more about the security issues in particular. Do please
tell?

Post by Faidon Liambotis
- As long as communities feel so-and-so about Tor overall, and e.g.
block edits from Tor users, it's hard to justify us in the Foundation
investing more time into it,

Concur.

I would love to know more about what you see as the inhibitors - especially
so that I can go fix them for the internet-community-at-large - however
this decision is one for the Wikipedia community to take.

I'll still happily help if you decide "yes", but WMF should make and own
the decision.

-a

ps: reminder, I'd love to know more about the security issues. :-)

--
http://dropsafe.crypticide.com/aboutalecm

Faidon Liambotis

2017-06-16 18:12:53 UTC

hi Alec,

Post by Alec Muffett
I'd love to know more about the security issues in particular. Do please
tell?

I don't recall finding a specific vulnerability, but last time I had a
look at EOTK a while ago, it generated an nginx config that performed a
series of steps to manipulate HTTP headers and body (HTML & Javascript)
using (hard to audit) regexps. This is not a great security practice
IMHO, as it can result in all kinds of unexpected output, especially
with user-controlled untrusted input. It's the kind of thing that has
runs the risk of generating XSS, header CRLF injection vulnerabilities
etc.

More broadly, using regexps to manipulate content means that you either
replace mentions of "upload.wikimedia.org" blindly, even
legitimate/non-href ones like a mention of it in the article text, or
you attempt to parse the syntax of HTML and Javascript with regexps,
including quotes, escape sequences, comments etc. Neither are the right
thing to do.

EOTK as I understand it also pre-generates an nginx config with a very
specific site-specific configuration, such as CSP, TLS ciphers etc.
These may are secure, but are the kind of settings we are paying a close
attention to and manage ourselves, so delegating them to a tool like
EOTK is not something we can do. That said, it may be possible to use
EOTK to bootstrap our configuration and then remove the bits that we
manually manage and care about, so I don't think this is by itself
hindering our usage of it.

Post by Alec Muffett
I would love to know more about what you see as the inhibitors - especially
so that I can go fix them for the internet-community-at-large - however
this decision is one for the Wikipedia community to take.
I'll still happily help if you decide "yes", but WMF should make and own
the decision.

Note that there is a distinction between "the [e.g. English] Wikipedia
community" and the WMF. We are all part of the same movement but the
various wiki communities have decision-making capabilities of their own,
especially when it comes to matters such as who's allowed to edit what,
when and how. Allowing edits over Tor is not the kind of decision the
Foundation can unilaterally make, while setting up the Onion service
would be something that the Foundation would do, since it would just be
part of our infrastructure and thus our mandate.

Granted, serving the site over an Onion service is orthogonal to being
able to edit it, so it's something we may eventually do anyway, even if
the situation around editing remains the same. It does limit its scope
and usefulness though, and is thus a factor that contributes to our
prioritization (or lack thereof).

Best,
Faidon
--
Faidon Liambotis
Principal Engineer, Technical Operations
Wikimedia Foundation

Cristian Consonni

2017-06-17 12:29:52 UTC

Hi Faidon,

Post by Faidon Liambotis

Question:
would it be possible to activate it for specific projects, say Italian
Wikipedia?(*).

I don't see major technical obstacles in doing just one project - i.e.
one subdomain - at a time, besides the fact that the value of having
just one project as an onion service would be much less (for the obvious
reason that any time that the user would go to Commons, Wikidata or
another language it would exit the service).

Of course this route would make the "resource balance" even worse at the
beginning, but on the other hand it would be a nice test. For what is
worth, it.wiki was also one of the first projects to opt-in for Wikidata
interwiki transfer, if we want to follow the "test on small projects
first" logic, so I hope to leverage the little (but proud :P) tradition
with testing new features at scale of the it.wiki community.

Cristian

(*) I would also love to mention Turkish Wikipedia, but I don't speak
Turkish and I would not be able to reach out to that community, at least
not enough to start and follow a discussion on such a proposal.

Alec Muffett

2017-06-21 22:46:11 UTC

Post by Faidon Liambotis
hi Alec,

Hi Faidon!

Post by Faidon Liambotis

Post by Alec Muffett
I'd love to know more about the security issues in particular. Do please
tell?

I don't recall finding a specific vulnerability,

That's excellent!

Post by Faidon Liambotis
but last time I had a
look at EOTK a while ago, it generated an nginx config that performed a
series of steps to manipulate HTTP headers and body (HTML & Javascript)
using (hard to audit) regexps. This is not a great security practice
IMHO, as it can result in all kinds of unexpected output, especially
with user-controlled untrusted input. It's the kind of thing that has

runs the risk of generating XSS, header CRLF injection vulnerabilities

Post by Faidon Liambotis
etc.

I concur; that's why I am working on an additional template which takes an
all-or-nothing approach, where the regexps and expectations are much
simpler to reason about.

Post by Faidon Liambotis
More broadly, using regexps to manipulate content means that you either
replace mentions of "upload.wikimedia.org" blindly, even
legitimate/non-href ones like a mention of it in the article text, or
you attempt to parse the syntax of HTML and Javascript with regexps,
including quotes, escape sequences, comments etc. Neither are the right
thing to do.

Depending upon expectations and threat-models, I can see that perspective.

Post by Faidon Liambotis
EOTK as I understand it also pre-generates an nginx config with a very
specific site-specific configuration, such as CSP, TLS ciphers etc.
These may are secure, but are the kind of settings we are paying a close
attention to and manage ourselves, so delegating them to a tool like
EOTK is not something we can do.

Indeed.

Part of the point of EOTK being available on Github is the expectation that
sites will fork it and tune it to meet their needs.

I am confident that Wikipedia are equipped and expert enough to tweak a
NGINX cipher suite config without much fuss.

Request: whist we're here, I would be delighted to see/plagiarise the
cipher suites that Wikipedia uses - could you point me at them, please?

Also, I suppose it's worth noting that - to a fair first approximation -
anyone accessing a Wikipedia Onion is doing it from one of:

- Tor Browser
- Orfox
- Tails

…so the number of cipher suites which EOTK needs to optimise for, are
actually quite small.

Post by Faidon Liambotis
That said, it may be possible to use
EOTK to bootstrap our configuration and then remove the bits that we
manually manage and care about, so I don't think this is by itself
hindering our usage of it.

Concur. There is nothing stopping you using it.

Post by Faidon Liambotis
Note that there is a distinction between "the [e.g. English] Wikipedia
community" and the WMF. We are all part of the same movement but the
various wiki communities have decision-making capabilities of their own,
especially when it comes to matters such as who's allowed to edit what,
when and how.

I did not know that! That is very interesting, thank you. TIL.

Allowing edits over Tor is not the kind of decision the

Post by Faidon Liambotis
Foundation can unilaterally make, while setting up the Onion service
would be something that the Foundation would do, since it would just be
part of our infrastructure and thus our mandate.

Understood. Is it safe to extrapolate this to (say) Wikibooks, also?

Are they likewise geographically distinct?

Post by Faidon Liambotis
Granted, serving the site over an Onion service is orthogonal to being
able to edit it, so it's something we may eventually do anyway, even if
the situation around editing remains the same. It does limit its scope
and usefulness though, and is thus a factor that contributes to our
prioritization (or lack thereof).

Cristian is making a good case around this matter, so I will leave that to
him for a while.

Thanks again!

- alec

--
http://dropsafe.crypticide.com/aboutalecm

Faidon Liambotis

2017-06-22 04:38:41 UTC

Post by Alec Muffett
Request: whist we're here, I would be delighted to see/plagiarise the
cipher suites that Wikipedia uses - could you point me at them, please?

Cipher suites can be found here:
https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb

The "type" argument specifies, essentially, the compatibility level
depends on the endpoint we're securing -- we can be more aggressive for
e.g. developer tools, where we don't expect old browsers or operating
systems. For the main websites, the level right now is "compat". The
list of ciphers is constantly evolving, as old browsers drop below
certain thresholds and become unsupported. For example, there is work
underway to phase out DES-CBC3-SHA, breaking IE8-on-Windows-XP, cf.
https://phabricator.wikimedia.org/T147199.

The rest of the HTTPS nginx config can be found at:
https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/tlsproxy/templates/localssl.erb

(note that wikimedia-l attracts a wider audience, not just engineers, so
the above may be something that's not to everyone's interest here;
wikitech-l would probably be more appropriate if you have further
questions or input around technical matters :)

Post by Alec Muffett

Allowing edits over Tor is not the kind of decision the Foundation
can unilaterally make, while setting up the Onion service would be
something that the Foundation would do, since it would just be part
of our infrastructure and thus our mandate.

Understood. Is it safe to extrapolate this to (say) Wikibooks, also?
Are they likewise geographically distinct?

It would be and yes, typically each language/project combination (but
note: language, not geography) operate separately/independently. There
is https://meta.wikimedia.org/ for broader/global community decisions,
though. Plus a few other exceptions, too :)

Best,
Faidon
--
Faidon Liambotis
Principal Engineer, Technical Operations
Wikimedia Foundation

Cristian Consonni

2017-07-09 10:22:28 UTC

ANother relevant academic article:
---
"Chilling Effects: Online Surveillance and Wikipedia Use"[1]

«This article discusses the results of the first empirical study
providing evidence of regulatory “chilling effects” of Wikipedia users
associated with online government surveillance. The study explores how
traffic to Wikipedia articles on topics that raise privacy concerns for
Wikipedia users decreased after the widespread publicity about NSA/PRISM
surveillance revelations in June 2013.»
---

This study has been covered by various articles in the press, here's for
example one from "The Intercept" by Glenn Greenwald:
---
«New Study Shows Mass Surveillance Breeds Meekness, Fear and
Self-Censorship»[2]

A newly published study from Oxford’s Jon Penney provides empirical
evidence for a key argument long made by privacy advocates: that the
mere existence of a surveillance state breeds fear and conformity and
stifles free expression.
---

Cristian

[1]: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2769645e
[2]:
https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/

Trillium Corsage

2017-06-12 17:22:31 UTC

Risker, example of "pure unadulterated trash" edits on Wikipedia, or are we just to take your word for it?

You know, how about two examples?

Trillium Corsage

Dariusz Jemielniak

2017-06-13 09:26:35 UTC

Post by Risker
should be, given the pure unadulterated trash that tends to come in
whenever a Tor exit node is missed in the routine lockdowns.

well, editing through Tor when you are logged in is quite ok, right?

One thing that I've been thinking about recently would be defaulting to Tor
in our mobile app - for reading, and for editing just for the logged in
users.

Facebook app currently offers channeling through Tor, but not as default
(mainly because it kills notifications, but we don't need them). If we
defaulted to Tor traffic for our app, we would effectively make blocks
transparent to most users. The advantage of this solution is that probably
99% of our regular readers will not switch to Tor if they have not used it
before.

(just my 2 non-technical cents, possibly a stupid idea)

dj

Yongmin H.

2017-06-13 09:38:27 UTC

FYI: Editing through tor is blocked for logged in users too, unless you
have `ipblock-exempt`. (It's included in admins and IP Block Exemptions.)

Post by Dariusz Jemielniak

Post by Risker
should be, given the pure unadulterated trash that tends to come in
whenever a Tor exit node is missed in the routine lockdowns.

well, editing through Tor when you are logged in is quite ok, right?
One thing that I've been thinking about recently would be defaulting to Tor
in our mobile app - for reading, and for editing just for the logged in
users.
Facebook app currently offers channeling through Tor, but not as default
(mainly because it kills notifications, but we don't need them). If we
defaulted to Tor traffic for our app, we would effectively make blocks
transparent to most users. The advantage of this solution is that probably
99% of our regular readers will not switch to Tor if they have not used it
before.
(just my 2 non-technical cents, possibly a stupid idea)
dj
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l

--
Yongmin Hong
https://wp.revi.blog
Please note that this address is list-only address and any non-mailing
list mails will be treated as spam.
Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a

Dariusz Jemielniak

2017-06-13 10:21:10 UTC

Post by Yongmin H.
FYI: Editing through tor is blocked for logged in users too, unless you
have `ipblock-exempt`. (It's included in admins and IP Block Exemptions.)

it is NOW, it does not have to be - through an app.

cheers,

dj

Gergő Tisza

2017-06-13 10:28:04 UTC

Now that we have ascertained (again) that wikimedia-l is a poor channel
for focused discussions about tech proposals, can we move this to
Phabricator?

Risker

2017-06-14 02:12:53 UTC

I see your point, Gergo, but in reality Phabricator is an even worse
channel to discuss projects that are, essentially, social issues. Whether
or not to have an onion may appear to be essentially a technical issue, but
I have yet to see any indication in numerous discussions about Tor that I
have read and/or participated in that our technical geniuses (and I say
that with warmth and honesty) really give a lot of thought to the legal and
social implications of providing active support to the dark web. It is a
social and ethical issue (from just about all sides) and should be
discussed with that in mind.

I have little doubt that it is entirely technically possible to set up a
Tor onion on an isolated WMF server somewhere or other. It's probably
child's play for many who work within the area, and I have little doubt
that there are many individuals within the broad Wikimedia community who
have chosen to use or actively support Tor. Setting this up is not a
technical "problem" to be solved (which is essentially what Phabricator is
for). I will again reinforce: it's a social and ethical issue, and only
once that is resolved would it be time to consider it a "technical
problem".

With respect to "known editors" using Tor, I'll take the opportunity to
also respond to Lane. I think I could paraphrase his concerns by saying
that, from where he sits, it seems that all Tor users are painted with the
same brush, and that there are some legitimate users of Tor, and some
legitimate reasons that certain individuals would potentially benefit from
using Tor. I happen to agree with him on this point. I am well aware of
at least half a dozen Tor users known to the enwiki community who
explicitly requested IPBE on their existing accounts so that they could
edit; the accounts tended not to have many edits, but the editors'
rationales were usually that they were Tor users and thus were unable to
edit. I'm aware that several of those individuals have been granted IPBE
over time; yes, they have to ask for it, but then so do the users who want
to edit through hard-blocked VPNs. I can't speak for other projects, but I
can say that on enwiki there are both administrators and functionaries who
are liberal in their granting of IPBE. I sometimes find it odd that nobody
asks me directly to help them out; I think I've granted it every time I was
asked.

Risker/Anne

Post by GergÅ Tisza
Now that we have ascertained (again) that wikimedia-l is a poor channel
for focused discussions about tech proposals, can we move this to
Phabricator?
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Cristian Consonni

2017-06-14 14:28:54 UTC

Hi,

[...] Setting this up is not a
technical "problem" to be solved (which is essentially what Phabricator is
for). I will again reinforce: it's a social and ethical issue, and only
once that is resolved would it be time to consider it a "technical
problem".

It is also not social problem if we are just talking about reading and
writing only for people who already have IF block exemption, IMHO.

Cristian

Kevin Smith

2017-06-14 15:39:02 UTC

Post by Risker
I have yet to see any indication in numerous discussions about Tor that I
have read and/or participated in that our technical geniuses (and I say
that with warmth and honesty) really give a lot of thought to the legal and
social implications of providing active support to the dark web.

My entire experience with Tor has been through human rights activists who
fear for their lives.

It is unclear to me how allowing people, who have legitimate security
concerns, to read and contribute to open knowledge, is "actively supporting
the dark web". At least on TV, the "dark web" is a very loaded term.

The proposal (as I understand it) would not allow any Tor user to do
anything other than access our projects. That's different from setting up a
general Tor entry or exit node, which would facilitate other uses.

Kevin

Tim Starling

2017-06-19 05:09:46 UTC

Post by GergÅ Tisza
Now that we have ascertained (again) that wikimedia-l is a poor channel
for focused discussions about tech proposals, can we move this to
Phabricator?

I filed https://phabricator.wikimedia.org/T168218

Post by GergÅ Tisza
I see your point, Gergo, but in reality Phabricator is an even worse
channel to discuss projects that are, essentially, social issues.

I'd rather you didn't discuss social issues on Phabricator. I filed
the task for the technical part of the project.

-- Tim Starling

Rogol Domedonfors

2017-06-19 06:20:21 UTC

I quite agree that Phabricator is not suitable for these discussions.
Perhaps Tim would like to say where and how discussions between the
Community and Foundation staff about the need for, and desirability of,
projects like this should be held. After all, we all want projects to go
ahead on the basis of Community input, don't we?

Post by Tim Starling

Post by GergÅ Tisza
Now that we have ascertained (again) that wikimedia-l is a poor channel
for focused discussions about tech proposals, can we move this to
Phabricator?

I filed https://phabricator.wikimedia.org/T168218

Post by GergÅ Tisza
I see your point, Gergo, but in reality Phabricator is an even worse
channel to discuss projects that are, essentially, social issues.

Tim Starling

2017-06-19 11:35:10 UTC

Post by Rogol Domedonfors
I quite agree that Phabricator is not suitable for these discussions.
Perhaps Tim would like to say where and how discussions between the
Community and Foundation staff about the need for, and desirability of,
projects like this should be held. After all, we all want projects to go
ahead on the basis of Community input, don't we?

We've had community input in this thread, but I haven't actually seen
any objection to this proposal raised that stands up to analysis.
Maybe meta would provide a platform for more organised discussion.

Almost everyone talked about abuse potential, ignoring the fact that
we already allow editing via Tor. Nothing actually changes in terms of
abuse potential. The same people can edit, they can just use a
different URL.

The only other argument I saw was that by doing this, we are
supporting Tor, and Tor is evil. But the hidden service only handles
traffic which is directed to the service. It does not support the
network in general. Meanwhile, since 2014 we are operating a relay
which routinely forwards traffic for script kiddies, terrorists and
child pornographers, and nobody complains about that?

I think we should shut down the relay, which in my opinion is not
mission-aligned, and set up the hidden service, which clearly is
mission-aligned.

A hidden service provides a small security improvement compared to
plain HTTPS, and is marginally more censorship-resistant than a VPN.
Its privacy protection is not perfect, but it is probably better than
any other existing solution (except of course [1] ;-). It is a small
technical project, which provides a small benefit to
security-conscious users.

-- Tim Starling

[1]
<https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2016-04-01/Technology_report>

Faidon Liambotis

2017-06-19 12:39:03 UTC

Post by Tim Starling
I think we should shut down the relay, which in my opinion is not
mission-aligned, and set up the hidden service, which clearly is
mission-aligned.

If Tor users are valueable to us enough to justify maintaining (small
pieces of) code and infrastructure to support them, then surely that
means that the Tor network itself is valueable too, doesn't it?

In other words, if we decide to embark on this project or another
Tor-focused project (like Tor support in our mobile apps), we'd do
because we recognize that it is of benefit to a particular segment of
users who are unable to access us due to censorship (or worse), not for
a handful of security-conscious users.

In my view, this automatically means that we value the Tor network, as a
medium, for enabling this kind of use, and putting a small amount of
resources to strengthen it is justified and mission-aligned. Not
entirely different than what we do with other pieces of infrastructure
as good Internet and Linux citizens.

The flip side of this is to argue that the Tor network is predominantly
used for illegimate, ethically bad uses, like the ones you mentioned. In
that case, I don't see why we would want to spend any of our resources
on it whatsoever and go anywhere near it. I obviously don't believe
that, but that would be a consistent PoV that I'd happy to argue against
and eventually oblige to, if that was the consensus we came to.

Regards,
Faidon

Rogol Domedonfors

2017-06-19 17:23:56 UTC

Tim,

I'm taking your response as a rather lengthy way of saying that there is no
convenient central location for discussions of the sort that ought to be
taking place around this and other projects. Is that correct?

"Rogol"

Post by Tim Starling

We've had community input in this thread, but I haven't actually seen
any objection to this proposal raised that stands up to analysis.
Maybe meta would provide a platform for more organised discussion.
Almost everyone talked about abuse potential, ignoring the fact that
we already allow editing via Tor. Nothing actually changes in terms of
abuse potential. The same people can edit, they can just use a
different URL.
The only other argument I saw was that by doing this, we are
supporting Tor, and Tor is evil. But the hidden service only handles
traffic which is directed to the service. It does not support the
network in general. Meanwhile, since 2014 we are operating a relay
which routinely forwards traffic for script kiddies, terrorists and
child pornographers, and nobody complains about that?
I think we should shut down the relay, which in my opinion is not
mission-aligned, and set up the hidden service, which clearly is
mission-aligned.
A hidden service provides a small security improvement compared to
plain HTTPS, and is marginally more censorship-resistant than a VPN.
Its privacy protection is not perfect, but it is probably better than
any other existing solution (except of course [1] ;-). It is a small
technical project, which provides a small benefit to
security-conscious users.
-- Tim Starling
[1]
<https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2016-04-01/
Technology_report>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Joshua Gay

2017-06-19 18:33:02 UTC

Post by Tim Starling
I think we should shut down the relay, which in my opinion is not
mission-aligned, and set up the hidden service, which clearly is
mission-aligned.

In some countries, sharing information with others (even info taken
from Wikimedia project sites), can be illegal. Because of how the
Internet is designed, Traffic analysis is an effective way for
countries to find, monitor, and at times prosecute individuals who are
sharing knowledge that is deemed illegal in their country. Tor helps
protect people against traffic analysis attacks so that they can
communicate, access, and share knowledge and information.

By WMF hosting a Tor relay, I believe they are engaging in a smart and
strategic partnership with others in the Tor Network to help protect
users against traffic analysis attacks.

When viewed as a strategic partnership, I think that hosting a Tor
relay is mission aligned, at least so far as it seems to be aligned
with the work being done by the strategic partnerships and global
outreach, specifically with the goal of "Improving digital privacy",
which is described as follows: "Wikimedia projects maintain a high
standard for digital privacy. The Wikimedia Foundation welcomes
partnerships that help further improve privacy for our readers and
contributors, through both improvement to our projects and to the
global digital and legal infrastructures."

It would be nice if the the partnerships and global outreach team
considered whether or not they felt that hosting a Tor Relay was the
kind of low-cost, low-overhead partnership that helps support digital
privacy for those wanting to safely share and access knowledge.

Josh

--
Joshua Gay - joshuagay.org

Cristian Consonni

2017-06-20 13:57:44 UTC

Hi,

Post by Tim Starling
The only other argument I saw was that by doing this, we are
supporting Tor, and Tor is evil. But the hidden service only handles
traffic which is directed to the service. It does not support the
network in general. Meanwhile, since 2014 we are operating a relay
which routinely forwards traffic for script kiddies, terrorists and
child pornographers, and nobody complains about that?
The flip side of this is to argue that the Tor network is predominantly
used for illegimate, ethically bad uses, like the ones you mentioned. In
that case, I don't see why we would want to spend any of our resources
on it whatsoever and go anywhere near it. I obviously don't believe
that, but that would be a consistent PoV that I'd happy to argue against
and eventually oblige to, if that was the consensus we came to.

This is an interesting discussion and as Tor relay operator I have asked
myself questions along this lines more than once. Here's some of my
opinions on the matter.

There is a "mechanistic" view for which Tor is just a tool, as computers
themselves, which can be used for good and bad. In other words, Tor is
just a technological stack that provides end-to-end encryption for
computers[1]. In this view, Tor is not much different from your modem
and a node operator is not much different from your ISP or a provider of
other internet services. Having been in the position of arguing with a
VPS provider about running a Tor node on their network I have asked them
why in their contract they can decline any responsibility with respect
of the service they use and I can't do the same with respect to the user
of the Tor network.
In short, since Tor is a tool it can be used for good or bad and every
user is responsible for her own use of the network.

On the other hand, I think that some people (myself included) decide to
contribute to Tor because they see some inherent value in it and not
just because it is a fun tool, freely available to use. To be fair, the
Tor legal FAQs say this explicitly[2a]:
---
Should I use Tor or encourage the use of Tor for illegal purposes?

No. Tor has been developed to be a tool for free expression, privacy,
and human rights. It is not a tool designed or intended to be used to
break the law, either by Tor users or Tor relay operators.
---

As Faidon points out the flip side of this argument is that you need
also to consider the bad uses of the network.

You could use an utilitarian approach and try to weigh the goods against
the bad. This is in general very difficult and probably varies very much
from person to person.

In addition to that there is the fact that it is difficult to obtain
data about the usage of Tor, here some sources:
* a blog post from the Tor project "Some statistics about onions"[2b],
which reports that (as of early 2015) "hidden service traffic is about
3.4% of total Tor traffic."
* This talk from 31C3 (the Chaos Communication Congress of 2014) titled
"Tor: Hidden Services and Deanonymisation"[2c] by Dr Gareth Owen of
University of Portsmouth that conducted a survey of hidden services.
From this study it results that the largest proportion of Tor hidden
service traffic is by far child pornography. It may depend on the fact
that there are association and public agencies that monitor this sites
* This paper: "Content and popularity analysis of Tor hidden
services."[2d] by Biryukov et al. A relevant quote: «We discovered a
huge number of hidden services that are part of the “Skynet” botnet
[...]. The number of hidden services with illegal content or devoted to
illegal activities and the number of other hidden services (devoted to
human rights, freedom of speech, anonymity, security, etc.) is almost
the same;»

Instead, you can have a more proactive vision of your actions (or your
community's actions) and think that you can try to get things better for
the measure that you are able to do it. This is also coherent with what
Faidon says that we contribute to the greater ecosystem of software to
be "good Internet and Linux citizens".

Personally, the latter is the vision I relate the most and the reason
for which I started contributing to the Tor network as a node operator.

Cristian

[1]:
https://medium.com/@alecmuffett/tor-is-end-to-end-encryption-for-computers-to-talk-to-other-computers-34e41d81c9e2
[2a]: https://www.torproject.org/eff/tor-legal-faq.html.en
[2b]: https://blog.torproject.org/blog/some-statistics-about-onions
[2c]:
https://media.ccc.de/v/31c3_-_6112_-_en_-_saal_2_-_201412301715_-_tor_hidden_services_and_deanonymisation_-_dr_gareth_owen
[2d]: Biryukov, Alex, et al. "Content and popularity analysis of Tor
hidden services." Distributed Computing Systems Workshops (ICDCSW), 2014
IEEE 34th International Conference on. IEEE, 2014.

Ilario Valdelli

2017-06-19 12:51:13 UTC

This is the correct approach.

There are technical issues and there are social issues.

It’s time to don’t mix them.

Tor can be one solution, not exactly the best and there is no sense to mix the discussion.

Kind regards

Sent from Mail for Windows 10

From: Tim Starling
Sent: 19 June 2017 07:10
To: wikimedia-***@lists.wikimedia.org
Subject: Re: [Wikimedia-l] Let's set up a Tor onion service for Wikipedia

Post by GergÅ Tisza
Now that we have ascertained (again) that wikimedia-l is a poor channel
for focused discussions about tech proposals, can we move this to
Phabricator?

I filed https://phabricator.wikimedia.org/T168218

Post by GergÅ Tisza
I see your point, Gergo, but in reality Phabricator is an even worse
channel to discuss projects that are, essentially, social issues.

I'd rather you didn't discuss social issues on Phabricator. I filed
the task for the technical part of the project.

-- Tim Starling

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-***@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-***@lists.wikimedia.org?subject=unsubscribe>

---
Questa e-mail è stata controllata per individuare virus con Avast antivirus.
https://www.avast.com/antivirus

Cristian Consonni

2017-06-06 00:59:57 UTC

Post by MZMcBride
https://lists.wikimedia.org/pipermail/wikitech-l/2014-November/079392.html

Thanks for the pointer, I did know that the WMF was operating a Tor
relay but I didn't recall where to find the details.

Post by MZMcBride
How does your proposal interact (if at all) with the existing Tor relay
set up in late 2014?

Relays (both middle relays or exit relays) and hidden services are
separate parts of the Tor network, so I would say that this project does
not intersect with the existing relays.

Post by MZMcBride
It's unclear to me whether "Tor onion service" in this context is
equivalent to a Tor exit node. I'm fairly sure setting up the latter has
been discussed previously on wikimedia-l and/or wikitech-l.

Can you point me towards this discussion? I wasn't able to find any
reference to that.

In any case, an exit node and a hidden service are very different things.

Exit nodes are tor relays from where the traffic going to an internet
website (on the "clearnet") emerges from the Tor network to the outside.
They are more problematic to manage then non-exit relays because when
somebody uses the Tor network for nefarious purposes such as spam the
target website will see that this traffic is coming from the exit node.

An onion/hidden service is a website that is served only by the Tor
network. See for example this proxy of the Internet Archive:
http://archivecrfip2lpi.onion/
(you need to use the Tor Browser Bundle from https://torproject.org to
be able to visit that address)

I put a simplified explanation on how Tor works and how a hidden service
work on the proposal page[1], and a more detailed explanation of the
difference between an exit node and an onion service[2].

Cristian

[1]:
https://meta.wikimedia.org/wiki/Grants:IdeaLab/A_Tor_Onion_Service_for_Wikipedia
[2]:
https://meta.wikimedia.org/wiki/Grants:IdeaLab/A_Tor_Onion_Service_for_Wikipedia#What_is_the_difference_between_an_exit_node_and_a_onion.2Fhidden_service.3F

Trillium Corsage

2017-06-05 21:15:40 UTC