On 9/27/05, Jimmy Wales <jwales(a)wikia.com> wrote:
What I recommend is that Tor resolve this problem in
this way:
user -> tor cloud -> tor authentication -> tor trusted cloud -> website
If a website complains about a particular ip at a particular time, in
the trusted cloud, then tor retains enough information to track it back
to the authentication server account. They still have no clue who the
original user is, but they can then use whatever methods they want to
keep jerks off the trusted cloud -- and then we could treat the trusted
cloud like any other dynamic ip range.
I have my doubts that Tor is going to want to get into the business of
policing its user base for "appropriate conduct", or even get into the
business of credentialling its users at all. Also, an abusive user
could easily create a new identity whenever his old one gets banned;
there'd be no way for Tor link the new identity to the old, banned
one.
No matter how you slice it, if the default trust level allows edits,
then we'll get vandalism; if the default trust level does not allow
edits, we'll never learn whether any particular identity should be
trusted. There's simply no way with Tor in the picture that we can
reliably link an identity at the server end with a specific end user
without issuing credentials via some outside channel that the user has
to validate after they connect. As long as trustable credentials are
available anonymously and automatically, vandals will continue to
acquire and use them.
Kelly