Alec Muffett, a director of the Open Rights Group and an ex-Facebook, now Deliveroo software engineer, has created a Wikipedia Onion site which can only be accessed through the Tor browser.
— Alec Muffett (@AlecMuffett) November 23, 2017
Wikimedians have long asked to be able to browse and edit Wikipedia through Tor, a browser which reroutes your IP address through multiple computer nodes, making you much harder to track online. However, debate within the community has for years been centred on whether or not this would encourage vandalism.
One proposed solution would be to only allow editing through Tor for email verified, signed in accounts. The onion site could also be set up as a read-only access mechanism, but — although this would be a valuable start — this would miss the point that a lot of people would like to edit more securely and anonymously. Vandalism could happen through Tor, of course, but then it already does happen through “IP” editing when a person is not signed-in.
Muffett noted in a discussion in the Wikipedia Weekly Facebook group that Facebook frequently blocked people from using their site over Tor until 2013, when it decided to change its approach. “Now Facebook recognises that ~1 million people access it over Tor, and that they are a valuable readership.” He also argued that Cluebot, which identifies and reverts Wikipedia vandalism, would equally help address vandalism over Tor as well.
There has been ongoing discussion about editing via Tor since 2007/8, which you can read more about here and here – click on the Talk/Discussion tabs on the top left to see what people have said about the subject.
While you can already view Wikipedia through Tor (but not edit it), browsing via Tor is somewhat slower, because of the way it routes traffic through multiple servers and the way that exit nodes on the network can affect the browsing experience. Muffett says that having a Wikipedia presence directly on the Tor network itself (via an Onion site) would have the advantages of adding ‘speed, surety, trust’.
Another Wikimedian in the Wikipedia Weekly discussion disagrees, and argues that aside from vandalism, editing over Tor would make Sockpuppetry (one user controlling multiple accounts) easier. He stated that ‘It is fundamentally a technical problem in the sense that the tools and processes that Wikimedia communities have come up with to fight malicious behavior in the last 16 years don’t work anymore if you can obtain easily several unrelated and untraceable identities.’
Muffett says that the Facebook onion had several clear benefits:
1) A better and safer experience for people accessing Wikipedia over Tor: no interference by exit nodes, no bandwidth-contention for exit nodes, no use of exit nodes at all.
2) being “a good neighbour” – accessing Wikipedia as a Tor hidden service frees up traffic that would consume scarce exit-node bandwidth.
3) “a peace offering” – people (continue to) use Facebook over Tor; 3 years ago [Facebook] saw 500,000/month, more recently ~1 million users. Muffett, who used to work for Facebook, says that “we found (through measurement and assessment) that people using Facebook over Tor were ordinary folk wanting to do ordinary things. Especially in times of political crisis. Providing a metaphorical “olive branch” showed that we value their use of the site.”
4) Discretion & Trust. Onion Sites are considered to be about “anonymity”, but really they offer two more features: discretion (eg: your employer or ISP cannot see what you are browsing, not even what site) and trust (if you access facebookcorewwwi.onion you are *definitely* connected to Facebook, and cannot be tricked into connecting to an unsafe fake site.)
Muffett concludes that “The code is free and libre. I am doing it because it’s worth doing.”
After launching the .onion site and generating quite a lot of exaggerated tech press about how there’s now a ‘Dark Web version’ of Wikipedia, Muffett’s idea attracted some interest. Unfortunately, some of that interest appeared in the form of people trying to overload the site with bad “Denial of Service”-style requests.
“This experience is a microcosm of my experiences at Facebook – people attempting to flood and break a website for unknown reasons, possibly “for the lulz”, possibly for actual malicious reasons. It’s a mitigable risk, and in fact is greatly simplified by publishing the site over Tor which stops the more mundane forms of network attack such as flooding.”
Muffett said that the attacks the service experienced in its first few days helped inspire improvements toround-off the code’s rough edges. He hopes that by demonstrating that it is possible and desirable to create a .onion service for Wikipedia will encourage people in the community to discuss and reconsider whether to allow it as an official service.
“The simplest way to demonstrate what a Tor Onion site would look like, is to do it. The technology exists (“Enterprise Onion Toolkit”, EOTK) and is solid enough for the New York Times to use… yet it will only improve. The only thing necessary is to deploy it, which is trivial”, he says.