Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of,,,, and, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


22 April 2007

A. writes:

Wikipedia claims to be for free speech or at least somewhat free BUT look whats happens when you want to post anonymously

This account or IP address has been blocked from editing. You were blocked by Can't sleep, clown will eat me for the  following reason (see our blocking policy):

Auto blocked because your IP address was recently used by "Box37". The reason given for Box37's block is: "troll account".or no TOR use.

Your IP address is XX.XX.XXX.XXX

This error was generated using the TOR network, which means Wikipedia is blocking some or all or anyone using anonymous services to post free speech, ideas or beliefs. Just how safe is this TOR and other anonymizing services?

One wonders if someone in China wanted to use an anonymizing service and WAS able to post, then they got through, so just how anonymous is that service?  Wikipedia wants to track those posters and would they report to Chinese authorities?  It would be a neat experiment for people all over the globe to try various anonymizing services to Wiki and others claim free speech boards and see if they get block or are able to post!

More importantly if the Government gets access to DNS server keys which they might have already, then they could /can trace post, connections back to the server and other points that might be subterfuge and open to finding out who that identity is! Very Scaring and then the  anonymizing services would be no more anonymous then walking up to the door of the government in question and handing them your information.

A2 writes:

Date: Sun, 22 Apr 2007 09:31:39 -0400
To: <>
Subject: cryptome: wikipedia more information on TOR / Block
found more information on TOR after seeing your post
- -------------------------------------------------------
Re: wikipedia vandalism
    * To: or-talk@xxxxxxxxxxxxx
    * Subject: Re: wikipedia vandalism
    * From: Roger Dingledine <arma@xxxxxxx>
    * Date: Mon, 24 Jan 2005 06:04:52 -0500
On Sat, Jan 22, 2005 at 11:29:22PM +0100, Frank v Waveren wrote:
> Link fixed:
> > Could you summarize for us to reasons why
> > Wikipedia doesn't want to require users _from Tor IPs_ to
create accounts
> > in order to edit pages?
> Because vandals will just create an account, vandalise with it,
> blocked, create a new account, vandalise with it, etc.

Hi Frank,

I agree, Wikipedia's current "make an account" system does
not do what you need -- make it hard for vandals to do their
thing. Yahoo and other sites address this problem by using captchas
( to add cost to creating an

You're in a pretty tricky situation, given that you want to keep
account-less edits, yet there are literally millions of open proxies
and compromised machines out there that vandals can use. By
blocking Tor
exit nodes, the people who want privacy via Tor can't edit
wikipedia now,
but the vandals still have plenty of open proxies they can use.

Notice that there are actual legitimate people doing real edits over
Tor. You've heard from some of them in private mail lately, and
posted on your "Talk" wiki. Even in the original thread about this
the wikipedia list, there were people who didnt want an overall
ban, e.g.,

One approach that's in the middle ground would be to require logins,
including captchas, and track edits by accounts like you do now. If
you notice abuse then roll back everything the account has done and
cancel it. If there's repeated unmanageable abuse from Tor, block
it for an hour or something until the guy gets bored. Alternatively,
you could preemptively put edits from certain accounts into a "has
to be manually approved" queue. Optionally, if the first N edits are
approved then further edits can be automatic as now. If you worry
the barrier-to-entry for normal wikipedia users, all of this can be
selectively applied only to IPs that you flag as suspicious.

So, there are some solutions that could provide much better
without too much more work, if you decide that being able to get
from Tor users is worthwhile.

(You mention in your Talk wiki that you used to run a Tor node? I
you might be confused about how Tor works, since you have never run
Tor node to my knowledge. Most Tor users are just clients; I'm
that's what you ran. We have probably upwards of 10k-20k people
using Tor
currently, and I imagine some of them do, or would like to do,
edits. As a trivial example, I noticed a grammar problem while
the entry on Svalbard today, and I can't fix it. Oh well.)

It seems the culmination of the thread from the February 2004
list is the statement
"In general, I like living in a world with anonymous proxies.  I
them well.  There are many valid uses for them.  But, writing on
Wikipedia is not one of the valid uses."

If this is truly the concensus of the wikipedia community -- that
wikipedia values equal access for all, except when it comes to
who value their privacy -- then I guess the discussion is over. I
in that case it ends in Wikipedia's loss, since you block a few IPs,
yet there are still many IPs left for vandals to use that you do not
block. As the Tor network grows, you will be blocking more and more
potentially useful users, yet not really impacting the number of IPs
available to the vandals.

Now, I think you are right, it's reasonable to block the whole Tor
for the moment, while you take stock of your security assumptions
see if you want to adapt into a system that can take into account
humans do not map uniquely to IP addresses. Blocking Tor is not
to solve your problem long-term -- your problem is deeper than that.

But it shouldn't be up to Tor to understand and manage application-
authentication and authorization for every service on the Internet.
this particular issue is being resolved, Tor servers operators
should do what they need to do; but I recommend that you don't
put any Wikipedia-specific entries in your exit policy, in order
to allow as many people as possible to safely read wikipedia. And
if you want to write to wikipedia from your Tor server's IP (which
you might want to do typically for plausible deniability, a form of
privacy), I recommend you use some other anonymizing service, such
as JAP ( or Anonymizer
( If wikipedia decides to block those, there are
plenty more where they came from. Hopefully at some point they'll
their energies can be better spent working on content for Wikipedia
rather than working on building and maintaining blacklists of many
thousands of IP addresses around the Internet.

I'm sorry to not have more useful answers. Wikipedia's security
assumptions don't leave us much wiggle room. :(

- --Roger