Editing with Tor

From Meta, a Wikimedia project coordination wiki
This is an archived version of this page, as edited by Kernigh (talk | contribs) at 02:59, 30 April 2006 (Expanding the page, with more explanation about what Tor does and why it is blocked.). It may differ significantly from the current version.
This page is about editing Wikimedia projects using a Tor proxy. For the user, see User:TOR.

Tor, The Onion Router (http://tor.eff.org), is an anonymous gate to the public Internet. However, if you use Tor, you will sometimes be blocked from editing Wikimedia projects, because many Wikimedia projects block Tor exit nodes from editing. Some details and discussion links follow.

What Tor does

Tor is a technology to conceal a user accessing the Internet. Tor users are trying to be anonymous. Tor works by relaying TCP streams through "onion layers" called Tor nodes.

As explained in the Tor overview, Tor protects against traffic analysis. Suppose that a Tor user connects to Wikinews:

  1. The Tor client on the user's own computer will make an encrypted connection to a Tor entrance node, the first onion layer.
  2. The Tor entrance node makes another encrypted connection to an intermediate Tor node, the second onion layer.
  3. Most connections use three layers, so that node makes a third encrypted connection to a Tor exit node, the third onion layer.
  4. The Tor exit node, or Tor proxy, then makes a direct, unencrypted connection to Wikinews.

Wikinews sees the Tor proxy, not the Tor user, make the connection. Meanwhile, other persons will observe a connection between the Tor proxy and Wikinews, a connection between two Tor nodes, or a connection between a Tor client and a Tor node. They will not know which Tor users are connecting to Wikinews; thus the Tor users who do connect to Wikinews are anonymous. (There are weaknesses; for example, attackers could watch both ends of a connection and match them.)

The problem

Vandals can use Tor. Users can and do hide behind Tor to make malicious edits on Wikimedia projects. When this happens, wiki sysops will try to block the attacker. However, Tor is hiding the attacker, so sysops can only block the apparent source of the attack: the Tor exit node, the Tor proxy.

To safeguard anonymity, Tor often switches exit nodes. So the attacker will quickly start to attack from a different Tor proxy. Sysops will block that proxy, and eventually many or all Tor proxies are blocked.

A block against a Tor proxy, like any IP address, blocks all users, logged in or not, from editing the wiki. After the sysops block all Tor proxies, no user can edit the wiki through Tor.

Meanwhile, users who help Tor by running a Tor server will find themselves blocked from editing the wiki unless their Tor server is not an exit node, they block exits to the wiki, or they edit from a different IP address.

The situation

  • English Wikipedia tends to block every Tor exit node.
  • Meta and Wikimedia Commons block some Tor exit nodes, but not most of them.
  • Tor users can still edit some other Wikimedia projects unimpeded. This includes some English-language projects.
  • Some users must disable Tor to edit; these users thus lose protection against traffic analysis.
  • Some users cannot edit Wikimedia projects from computers that are also Tor exit nodes.

Mitigating factors

Blocks do not stop you from reading Wikimedia projects. You can use Tor to read Wikipedia, Wikinews, and the other projects, even if you cannot edit them.

You can disable Tor and edit Wikimedia projects under a user account; Wikimedia will not hide your IP address except when the privacy policy allows. However, this only protects against users who might be browsing Wikimedia projects' contribution histories for your IP address; it does not protect against traffic analysis.

Tor does not protect the anonymity of users who reveal their own personal information, for example by editing under a user account with their real name and personal info on their user page. So those users do not benefit much from Tor.

If you run a Tor exit node, you can choose to block exits to port 80 and/or to Wikimedia IP addresses. Tor users then will not exit to read or edit Wikimedia from your node, and your node should not be blocked.
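The exit restriction described above is expressed with `ExitPolicy` lines in the node's torrc. The following is an added example, not part of the original page: a small evaluator that reads such lines and shows which destinations the node would still exit to. It assumes one rule per line and uses a placeholder address range, since the page does not list Wikimedia's addresses.

```python
import ipaddress

# Constructed torrc fragment. 192.0.2.0/24 is a documentation range used as a
# placeholder for the wiki's addresses, which this page does not list.
TORRC = """
ExitPolicy reject 192.0.2.0/24:*
ExitPolicy reject *:80
ExitPolicy accept *:*
"""

def parse_exit_policy(torrc):
    """Parse one-rule-per-line ExitPolicy entries, keeping file order."""
    rules = []
    for line in torrc.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "ExitPolicy":
            continue
        action, pattern = parts[1], parts[2]
        if action not in ("accept", "reject"):
            raise ValueError("unknown action: " + action)
        addr, _, port = pattern.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            low, high = 1, 65535
        else:
            first, _, last = port.partition("-")
            low, high = int(first), int(last or first)
        rules.append((action, net, low, high))
    return rules

def exit_allowed(rules, ip, port):
    """Return True if the node would exit to ip:port; the first match decides."""
    target = ipaddress.ip_address(ip)
    for action, net, low, high in rules:
        if (net is None or target in net) and low <= port <= high:
            return action == "accept"
    return False  # this sketch refuses anything no rule matched

RULES = parse_exit_policy(TORRC)
```

Rule order matters: placing `accept *:*` first would make both `reject` lines unreachable.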

Discussions

The troubles with Tor

Related policies, guidelines and essays

Implementations

Technical solutions

The XFF project
Actually, the XFF project cannot help Tor users edit Wikimedia projects. Tor exit nodes protect anonymity, so they do not provide X-Forwarded-For headers revealing the Tor user! However, it can help in one case: when there is a Tor exit node behind an ISP proxy (that is, when the proxy handles all outgoing web connections on port 80 but does not stop incoming connections to the Tor exit node). By trusting the XFF header from the ISP proxy, the Wikimedia projects can block the Tor proxy while allowing connections from other users behind the ISP proxy.
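The ISP-proxy case can be sketched as follows. This is an added example, not MediaWiki's or the XFF project's code; the function names and all addresses are constructed for illustration. The header is honoured only when the connecting peer is a trusted proxy, so a blocked exit node cannot escape its block by sending a forged header.

```python
import ipaddress

# All addresses are constructed (RFC 5737 documentation ranges).
TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.1")}  # the ISP's web proxy
BLOCKED = {ipaddress.ip_address("198.51.100.20")}        # Tor exit node behind it

def effective_client(peer, xff_header=None):
    """Return the address a block should be checked against."""
    addr = ipaddress.ip_address(peer)
    if addr not in TRUSTED_PROXIES:
        return addr  # untrusted peer: its X-Forwarded-For may be forged, ignore it
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the trusted proxy.
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            return addr  # malformed entry: keep the last address we could trust
        addr = candidate
        if addr not in TRUSTED_PROXIES:
            break  # first non-proxy address is the client the proxy saw
    return addr

def may_edit(peer, xff_header=None):
    """True when the effective client address is not blocked."""
    return effective_client(peer, xff_header) not in BLOCKED
```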

Open proxies in general

Related site messages

Further reading

Wiki pages