When Wikipedia met Tor: trials of legitimacy at a key moment in internet history

Abstract In 2005, the paths of Wikipedia and The Tor Project crossed publicly and ferociously. Tired of trolls and vandals, Wikipedia decided to block all Tor users from editing encyclopaedia articles. The Tor Project protested, arguing that such a block was not only ineffective, but constituted a form of censorship. This conflict came at a time when both projects were fighting to establish, maintain, and expand their perceived legitimacy. Using a threefold definition of “legitimacy,” this essay explores the Wikipedia/Tor conflict as a legitimacy conflict. We argue that Wikipedia was heavily invested in a conception of legitimacy as authenticity, focusing on who should be counted as a Wikipedian and who should be excluded. In contrast, the Tor Project was more concerned with Weberian legitimacy, challenging states’ claims to the monopoly of violent power. However, both projects shared an interest in acquiring resources and respect, or legitimacy as propriety. To explain this conflict, we draw on an archive of primary source emails and historical documents focusing on the early days (2001–2005) of both projects.


Introduction
In September of 2005, Wikipedia co-founder Jimmy Wales paid a visit to the Tor Project. 1 Specifically, Wales started participating in the Tor-Talk mail list, used by developers to coordinate their open source project. The subject of his initial email was "Hello directly from Jimbo at Wikipedia" (Wales, 2005b). At the time of Wales's visit to the Tor Project, Wikipedia was (in)famous as a rapidly growing encyclopaedia that was free in two key senses: free to read, and more radically, free to edit. As one journalist noted at the time, Wikipedia was "nothing less than a flat-out phenomenon, with so much content online and with such an influential approach that the prefix "wiki" has taken on a life of its own" (Gushue, 2005). The project was seeing explosive growth -it was nearing a million articles after only four years in existence -and would go on to be a darling of the "Web 2.0" period of the Internet (O'Reilly, 2004).
Tor share a common interest in what we will refer to as "propriety," or organizational legitimacy.
Our research draws on digital archival materials, including project mail lists, Wikipedia administrative documents, software repositories, and contemporary journalism. We collected and analysed over 3000 emails from Tor and Wikipedia email lists, focusing on the period of [2001][2002][2003][2004][2005][2006]. This article is organized as follows. We first elaborate on the concept of legitimacy. We then examine both the Wikipedia and Tor Project, arguing that the former was more concerned with authenticity and the latter with state violence. Next, we explore the Wikipedia/Tor conflict of 2005. We conclude with calls for further historical research on the production of legitimacy among Internet projects. In Gehl's (2018) ethnographic examination of the Dark Web, he encountered the repeated use of variations on the term "legit," ranging from "legit counterfeiters" to the need for law enforcement to ensure that the Dark Web is only put to "legitimate use." As Gehl explains: I came to see the term legitimacy as a keyword in [Raymond] Williams's sense. Much like Williams's keywords, the word "legitimacy" "virtually forced itself on my attention because the problems of its meanings seemed to me inextricably bound up with the problems it was being used to discuss" (p. 14).

Legitimacies
Legitimacy is a powerful -if undertheorized -concept for Internet studies, including historical analysis. For example, Coleman's (2014) book on hackers is suffused with the term: members of the hacker group Anonymous try to discern "legit" peers from fakes, debate about using illegal tactics or to go "legit" and use legal activism practices, and decry illegitimate state violence and surveillance. Likewise, Reagle's (2010) examination of Wikipedia also deploys the term to categorize Wikipedia policies and editors.
However, these works do not fully conceptualize legitimacy. Through pragmatic keyword analysis (an approach that is emic, focusing on how members of groups themselves understand the world around them -see John, 2017), Gehl drew on participant observation and categorized the various meanings of legitimacy into three: violence, propriety, and authenticity, using each as a conceptual lens to understand Dark Web practices. Here, we explain each in turn, connecting each to broad practices associated with the Internet. Weber (1946) tied the legitimacy of a state explicitly to its command and control of violent capacities, arguing that physical force is the sole factor that differentiates a state from other institutions. "A state is a human communication that (successfully) claims the monopoly of the legitimate use of physical force within a given territory… The state is considered the sole source of the "right" to use violence" (p. 78, original emphasis). This fundamental property of states is currently recognized in international law (Finlay, 2010, p. 287). As Alford (2000) argues, the state's "brute, physical coercion… can suddenly appear anywhere…" and is thus a fundamental substrate in contemporary society (p. 141).

Violence
However, this form of legitimacy (and the others) can be contested. For example, consider the contemporary Black Lives Matter movement -organized over the police-slain bodies of Breonna Taylor, Michael Brown, Eric Garner, George Floyd, Renisha McBride, and too many others. In cases of police killings of Black people, the state claims a right to do so by claiming legal justification. Black Lives Matter challenges the legitimacy of the state's use of violent force in an effort to curtail the state and ensure the rights of citizens. This is a feature of Internet history, as well. A fundamental struggle over the shape of the Internet concerns its capacity as a tool for state surveillance versus its ability to allow marginalized groups to challenge states' claims to the tools of violence. Police use of digital technologies to monitor activists is only the latest in a long history. As McIlwain (2020) argues, "computing technology was built and developed to keep Black America docile and in its place -disproportionately disadvantaged, locked up, and marked for death" (p. 7). Contemporary movements challenge this use of digital technology for the administration of violence by developing new tools and taking advantage of existing ones to organize, get their messages out, and articulate new political positions, such as "Defund the Police." Thus, while our day-to-day engagements with the Internet may not obviously connect to violence as legitimacy, the very role of communications networks in liberal democracies is deeply tied to the state's capacity for violence -they can be used to monitor the activities of citizens in order to prosecute them, or they can be used by citizens to challenge the power of the state. In the case of the Internet, of course, both things are happening simultaneously.

Propriety
Violent power is not the only form of power in a contemporary society. The command of resources, and respect for that command, is a particular practice of power, most often associated with corporations. Gehl (2018) glosses this as "legitimacy as propriety" in the dual sense of private property and respectability. As Suchman (1995) defines it, organizational "legitimacy is a generalized perception or assumption that the actions of an entity are desirable, proper, or appropriate within some socially constructed system of norms, values, beliefs, and definitions" -it is "possessed objectively, yet created subjectively" (p. 574). As such, it has a dual function as both "a manipulable resource and… a taken-for-granted belief system" (p. 577, original emphasis). Subsequent organizational scholars have highlighted this dual function of commanding respect and commanding resources (e.g. Hegtvedt & Johnson, 2009), especially applicable in the case of organizations who seek to claim more resources, as for-profit firms do.
This particular form of legitimacy is also important for Internet organizations. For example, as of this writing (August 2021), Facebook, Inc. is being sued by multiple United States government agents, who argue that Facebook's ownership of Instagram and WhatsApp, among other platforms, renders it into an illegitimate monopoly. Just a few years prior, Facebook was largely seen to be legitimate -a highly successful and profitable Internet company. For its part, Facebook must regain its legitimacy-as-propriety -its command of respect and resources -or else it may be broken up into multiple smaller corporations and hence enjoy reduced access to goods such as user data and advertising revenues.

Legit/authenticity
While legitimated state violence has the potential to end life, and while propriety grants an organization the capacity to control resources and hence end livelihoods, there is a third distinct meaning of legitimacy. While it is a more vernacular meaning than state violence or organizational propriety, it is also marked by power relations. This is the "legit," or what Gehl (2018) calls "legitimacy as authenticity," a measure of how well a given entity belongs in its context.
The concept of the legit has been taken up predominantly among scholars of popular culture. Gehl (2018) borrowed heavily from Bourdieu's (1993) cultural field theory for his definition of "the legit." For Gehl, legitimacy-as-authenticity is: a socially constructed, context-contingent perception that an entity belongs to a larger field of entities, and its belonging indicates that it is a true example of the field. This perception of belonging is produced in two ways: first, but identifying those entities that are not authentic and do not belong to the field; thus we come to know the authentic by contrasting it with the inauthentic. Second, it is produced through proclamations of actors who themselves have been accepted as members of the field and who are perceived to have the legitimate authority to judge what belongs and what does not (p. 163).
Echoing Weber's argument about "monopolization," Bourdieu (1993) argues that participants in fields "take part in a struggle for the monopoly of legitimate discourse about the work of art, and consequently in the production of the value of the work of art" (p. 35). Thus, this form of legitimacy is a tautological form: those who have been "consecrated" (Bourdieu, 1993;Stevenson, 2016) as legitimate are seen as the arbiters of who (or what) else belongs in the field, and those arbiters reassert their legitimacy as they declare others to be -or not to be -legit.
Consecration of others -and hence reaffirmation of one's own legitimacy -is an act of power. And this act of power affects Internet practices, as well. For example, Honeycutt's (2006) ethnography of an online community finds that established members used hazing to initiate new members and, in doing so, "demonstrate both a growing self-awareness of themselves as a community and a more explicit understanding of their boundaries and how they expect newcomers to behave before they are allowed membership in the group." The lengths to which people go to gain and retain membership in online communities, as well as the despair people feel if they are expelled, demonstrate the stakes of the legit.

Wikipedia and Tor focus on very different legitimacies
While the three legitimacies share some connections in that they involve relations of power, their divergent domains allow for communities of practice to speak past one another. This is the case for Wikipedia and Tor. As we argue, Wikipedia's conception of legitimacy was deeply tied to legitimacy-as-authenticity, while the Tor Project's conception was deeply tied to state violence. During their clash in 2005, these nearly-but-not-quite-incommensurable conceptions of legitimacy derailed the two projects' attempts at reconciliation. This is in spite of the fact that both projects shared a goal of propriety, or being seen as valuable organizations -especially during the early 2000s, when the social utility of a volunteer-written encyclopaedia or an anonymizing network was heavily debated.

Wikipedia and the legit
During the formative years of Wikipedia (2001Wikipedia ( -2002, a major concern among Wikipedians was distinguishing who did and did not belong on the platform. Early participants in the Wikipedia-L mailing list were greatly concerned with adjudicating the legit. Those who had an account on Wikipedia, who contributed to the mailing list, and who shared the Wikipedia ethos belonged. Those who did not were vilified as trolls and vandals, delegitimated, and were banned from the project. The ultimate expression of legitimacy as authenticity would be the formalization of banning procedures. Wikipedia did not start with a goal of creating banning criteria. Early participants in Wikipedia attributed its attraction of contributors and quick development to the fact that it was radically open: anyone could freely join and contribute. Larry Sanger, who co-founded the project with Jimmy Wales, argued that "perhaps it's the fact that it is open to everyone that makes a lot of these articles in fact not so bad, and ever-improving. We tend to cater to the highest common denominator -"lower denominators" usually don't touch articles they know nothing about" (Sanger, 2001). As Sanger's co-founder Wales heralded, "probably _the_ most astounding fact about Wikipedia is that it is so good without any formal rules or restrictions at all. There are social customs and social pressures that do a really good job of keeping things in line" (Wales, 2001a). At this point, Wikipedians were seen as equal: "there is no such thing as an "administrator" in Wikipedia in the sense of someone responsible for its content, nor should there be" (rose parks at att. net, 2001) Reflecting on this moment in Wikipedia's history, Reagle (2010) recognizes three tenets as central to the project, dictating how its users collaborate -"neutral point of view" (NPOV), "no original research," and "verifiability." As Jimmy Wales argues: I consider all three of these to be different aspects of the same thing, ultimately. And at the moment, when I think about any examples of apparent tensions between the three, I think the right answer is to follow all three of them or else just leave it out of Wikipedia. We know, with some certainty, that all three of these will mean that Wikipedia will have less content than otherwise, and in some cases will prevent the addition of true statements. (Cited in Reagle, 2010, p. 12) The complex workings of these core tenets safeguard the collaborative encyclopaedia's reputation as a reliable resource. As Reagle argues, "the stance of neutrality implies that contributors should abandon efforts to convince others of what is right or true, and instead focus on a neutral presentation of what is commonly understood about that topic" (p. 53). Consequently, an emphasis on neutral points of view is intended to discourage the types of philosophical debates disruptive to the overall effort of the project, fostering civility and cooperation among users in an effort to maintain the integrity of articles. By extension, Wikipedia contributors' mantra "assume good faith" -encouraging users to always assume other users and editors are acting out of good faith and to act out of good faith themselves -is intended to foster agreement by helping disputants in "seeing others' humanity" (p. 59) -even in the absence of formal rules.
However, as the Wikipedia project grew, conflicts brewing "between a couple of otherwise legitimate people" (Wales, 2001b) alerted mailing list contributors to a problem. As authors began to broach controversial topics -such as conspiracy theories pertaining to the Holocaust and global terrorist attacks -personal perspectives on facts and objectivity problematized Wikipedia's three tenets. As "there is no rule against crap contributions" (Kemp, 2002) in an open encyclopaedia, Wikipedians began to categorize contributors into legit or vandals and trolls. Indeed, since as one Wikipedian noted, "the Internet is full of kooks," participants in Wikipedia wondered: "Do they all deserve equal time? Do they all deserve legitimacy?" (daniwo59 at aol. com, 2002).
Prominently, the question of who can -and cannot -edit Wikipedia presents a longstanding issue faced by Wikipedia's founders and users. The prevalence of users continually contributing misinformation, alongside the prominence of "trolls" vandalizing articles, raises difficult questions about "banning" or "blocking" criteria within a community that advertises its openness. A debate rages over what "open" means, especially when it threatens to compromise the project's integrity. Similarly, many of the tenets central to the Wikipedia project seek to facilitate a baseline of consensus across its users regarding the contents and organization of articles. However, the vast, ever-increasing number of users on the website makes defining "consensus" difficult, leading to editorial responsibilities for the project's founders and community leaders. Indeed; "if consensus is a process whereby participants discuss and reason together, openness has another challenging implication beyond the question of who is contributing to the conversation: In an open and forever changing group, how long might any decision be considered the group's consensus?" (Reagle, 2010, p. 104).
Put another way: who is a legitimate member of the Wikipedia project? And should such members have the authority to judge who else belongs, and who does not? The project's radical openness, thus, gave way to a concern with legitimacy/ authenticity. Wikipedians began to distinguish between three different classes of Wikipedians. There were those not logged in to Wikipedia, who had the fewest powers and privileges and were referred to by their IP addresses. There were those logged in to their personal accounts, allowed to add and edit pages with only minor restraints and known by their usernames. And there were those deemed "old-hand/ sysop," a designation "granted in an apolitical manner based on being essentially 'legit'" (Wales, 2002c), wielding the power and privilege to edit protected pages and make irreversible decisions. The encyclopaedia that anyone can edit adopted a hierarchy.
As these systems of legitimation fell into place, the attention of Wikipedia's newly-minted sysops turned to protecting the project against potential "attackers" -"without also raising the threshold cost by enough to deter other, legitimate contributors" (Wales, 2002e). These "attackers" were conceptualized as vandals, trolls, and those persistently violating copyright (Wales, 2002a). The elites of Wikipedia prepared for "rebellions" to continuously break out as these "destructive members" will "tend to push the productive members of society away from active social intercourse" (Sanger, 2002). These constant disruptions, in turn, further underlined the need for legitimated authorities.
Consequently, security mechanisms like IP tracking, IP banning, and account deletion were introduced as "legitimate authority or means of establishing policy or procedures" (Irwin, 2002). IP banning is especially important for the Wikipedia and Tor conflict. IP-based banning was first discussed among Wikipedians in reference to someone they dubbed "24," short for 24.150.61.63, an IP address consistently associated with edits and comments that other Wikipedians found problematic . Because 24 was only identified as an IP address, one Wikipedian showed the rest how to gather more information on them via a who is search (Harris, 2002). Initially, Jimmy Wales "agonized" over whether to ban 24 (Wales, 2002d). However, Wales would eventually ban 24 for a day, noting that 24 is a troll who "revels in… anonymity" (Wales, 2002b). Eventually, Wikipedia sysops permanently blocked 24.150.61.63 from the project.
Such IP-based banning subsequently became a regular practice on Wikipedia. It quickly expanded from targeted IP address blocks to the blocking of all IP addresses associated with particular Internet Service Providers (ISPs) in cases where ISPs would not police their users (Ghory, 2002). Anonymizing proxies were also banned en masse in 2004 (Starling, 2004). In addition, the very use of IP addresses for Wikipedia editing was increasingly seen as suspicious by other Wikipedians (e.g. see the discussion threads Zoe, 2002;Walther, 2002;, beckoning the question -why do these users refuse to just log in and get a username? IP address-based edits were referred to as "anons" and were held in less esteem than users with accounts (Moeller, 2002).
Thus, Wikipedia -the encyclopaedia anyone can edit -became a complex social hierarchy, with contributors deemed legitimate enjoying greater opportunities to edit the encyclopaedia. If they adhered to the project's social standards, their status could be elevated to sysop ("Wikipedia: User Access Levels" 2021). Those who did not adhere to Wikipedia's standards -the vandals and trolls -were to be chased out and excluded by the sysops. Wikipedia's early period, then, is marked by the legit.

The Tor project and the state
While Wikipedia's early years were marked with concerns about who belongs and who does not, the Tor Project was concerned about a very different problem: state surveillance. The Tor Project, thus, was more concerned with questions about the legitimacy of state violence, rather than who is a "legit" Tor user or contributor.
Since its inception, the Tor Project has noted that its primary goal is facilitating "functional anonymity that can protect people in harsh circumstances," such as those users trying to get information through the government firewalls (Dingledine, 2005b). In order to continue serving groups facing Internet censorship, Tor users emphasized the importance of remaining able to function in spite of powerful entities, like state governments, attempting to shut the service down or block its associated IP addresses.
Using a security term, "threat model," the Tor Project conceptualized state governments as "adversaries" who seek to monitor and arrest or execute political dissidents (e.g. Dingledine, 2002a;2002c). These came in two classes. Some were "global passive adversaries"-those "fascists" "curious whether Alice is talking to Bob" (Dingledine, 2002a). Passive adversaries monitored the network, using their surveillance capacities to keep tabs on citizens. And there were the "roving adversaries" -"the bastard that controls a subset of routers at any time and can also compromise additional nodes" (Pfajfar, 2002). These roving adversaries would take over parts of the network and could alter the flows of traffic.
Against these adversaries, Tor Project leaders argued that their software is essential to "dedicated political dissidents" (Dingledine, 2002b) who need to be protected from both surveillance and active network intrusions. As they repeatedly hypothesized, "when actually participating in the protests, [these dedicated political dissidents] use masks to maintain anonymity while exercising their rights. Our adversary observes as above, building a set of suspects to arrest for terrorist acts" (Dingledine, 2002b). Tor, thus, comes to function as a mask, guarding dedicated political dissidents from the reach of fascist, "bastard" adversaries. The Tor Project had to design this mask to hide user identity from everyone, including the Tor Project itself. In other words, the Tor Project had no tolerance for "backdoors," or means to circumvent the anonymizing capacity of Tor (Dingledine, 2006). This focus becomes a synecdoche in the form of the "Chinese dissident" -sometimes named "Jane Chinese Dissident" -a recurrent figure across the mailing list, embodying the noble ethos and urgent aspirations of the Tor Project as the primary tool wielded against the "adversary" (e.g. Abel, 2005a,b;Thorne, 2005). For the Tor Project participants, the Chinese dissident was not just an abstract concept in a threat model; they repeatedly invoked the harrowing realities facing dissidents in China, posting links to news stories about the executions of citizens by the Chinese government (Leitl, 2005).
So, how does Tor protect Jane Chinese Dissident from state or corporate fascists? Much of the focus with Tor is on its use of encryption, and rightly so: the "onion routing" approach involves wrapping Internet packets in layers of encryption, with each layer peeled back on subsequent hops across the Tor network (Dingledine et al., 2004). But IP obfuscation is another key method with relevance to our argument. As Tor traffic proceeds across the network of nodes, the Internet user's IP address is replaced with that of the node's. Once a user's connection reaches its destinationsay, wikipedia.org -the user's IP address appears to be that of the Tor "exit node," rather than the user's original IP address (Perry, 2010).
Ultimately, the implementation of IP obfuscation and encryption was presented by Tor Project members as keys to protecting dissidents. As a side effect, however, Tor Project members noted that criminals would indeed use the network, since their Internet activities would be obfuscated, as well: "alongside legitimate users, Tor would also attract troublemakers who exploit Tor to abuse services on the Internet with vandalism, rude mail, and so on" (Syverson, 2005a). But rather than seek to discern who was using the network for good or for ill, the Tor Project pointed to criminal usage as evidence that the network was protecting people from state violence (Nolan, 2005). As one mailing list participant put it: even if Tor were to be mostly for evil deeds (and we really have no way to determine if it is), I still applaud any mechanism that gives the common user a level of privacy that can hopefully compete with authorities…. Ultimately, I guess it's about balance of power. Anything to help keep the authorities in check (Forgey, 2005).
Thus, Tor's major concern with legitimacy was centred on the legitimacy -or perhaps, the illegitimacy -of states' capacity for violence, rather than adjudicating good or bad users.
In this way, the Tor Project shares many of the concerns Coleman (2014) documented in her ethnographic study of the hacker group Anonymous. A consistent theme of Anonymous discourse is a debate over -and challenge to -states' command of violent power, with much attention paid to states' surveillance abilities. For example, Anonymous's support of political protesters in the Middle East/North African region during the early 2010s included advice about how to remain anonymous online and thus avoid state surveillance and arrest. Moreover, Anonymous members often tolerated illegal activities (especially the use of Denial of Service attacks) as at best a key method of political protest or at worst a side effect of hacktivism.
In sum, while Wikipedia focused on who belonged on their platform, Tor was designed to hide those details -including from the Tor Project itself. Tor was designed so that even the most powerful actors in the world -state governments -could not discern who was using Tor and for what purposes.

Wikipedia and Tor in conflict
Wikipedia's growing use of IP address banning from anonymizing proxies would eventually affect Tor. In January 2005, a Wikipedian by the name of Frank took to the Tor mail list to announce that "I've just had to block all Tor outproxies [i.e. IP addresses] that do port 80 from editing Wikipedia, due to repeated vandalism" (Waveren, 2005a). In response, Tor Project's Roger Dingledine argued against the blocking of Tor by Wikipedia, arguing that Tor is distinct from run-of-the-mill anonymizers: By blocking Tor exit nodes, the people who want privacy via Tor can't edit Wikipedia now, but the vandals still have plenty of open proxies they can use. Notice that there are actual legitimate people doing real edits over Tor. (Dingledine, 2005a) For Dingledine, standard anonymizing proxies, which, like Tor, obfuscate a user's IP address, were the problem. In contrast, Tor's users, he argued, were "legitimate." This debate was relatively mild -that is, until Jimmy Wales got involved. In a blog post on September 27, 2005, Wales claimed to solve the problem of Tor users being banned from Wikipedia: trusted user -> Tor cloud -> authentication server -> trusted Tor cloud -> Wikipedia untrusted user -> Tor cloud -> authentication server -> untrusted Tor cloud -> no Wikipedia Simple. (Wales, 2005a) Wales's proposal, in essence, was for the Tor Project to establish a class of users who were authenticated -that is, legitimated -by some entity affiliated with Tor. These trusted Tor users (and, presumably, their associated IP addresses) could then proceed to edit Wikipedia. Much as Wikipedia had previously created a hierarchy of legitimated users, Wales proposed that Tor create a hierarchy of users with two classes: trusted and untrusted.
The Tor Project was not impressed with Wales's proposal. As Paul Syversson, a key architect of Tor, said: I share frustrations that the statements attributed to Jimmy Wales in the record below and in previous messages seem to show some fundamental misunderstandings and willful ignorance of Tor, and more broadly of identity, identifiers, reputation, authentication, etc. in open network communications. (Syverson, 2005b) The "fundamental misunderstanding" of Tor was, of course, that it was designed to do the opposite of what Wales was proposing: flatten all users into an anonymous mass, not distinguish them based on levels of trust.
Rather than accede to Wikipedia's demand that Tor create its own legit/illegitimate distinction among its users, the Tor Project turned the accusation around: "Wikipedia cannot differentiate abusers from people who need legitimately need privacy, since Wikipedia blocks on IP address and Tor is an easy way to get another IP address" (Murdoch, 2005b). In other words, while Wales was arguing Tor should do the work of sorting legitimate and illegitimate users, Tor Project members argued that Wikipedia had not done enough sorting on their own. Until Wikipedia has found a way to tell the difference between legitimate Tor users and abusers, the Tor Project members argued, the blanket banning of Tor IPs is akin to the fascistic blocking of traffic conducted by ISPs.
Wikipedia members fired back -the conversation, at this point, was turning into a flame war -rejecting Tor's argument about blanket IP address banning. Such bans were effective: it is "an empirical fact that banning sets of IP addresses has proven, in our case, to be a highly effective and practical method of dealing with problems" (Wales, 2005d). Blocking Tor-affiliated IP addresses, they argued, prevented "a herd of vandals from replacing 2000 articles [with] 'Wikipedia sucks!'" (Waveren, 2005b). They dismissed the argument that IP bans could be circumvented by vandals and trolls, whom they felt were illegitimate "idiots. " As Wales argued, "I'm sure if Roger Dingledine or some similar genius happened to want to troll Wikipedia effectively, he could. Fine. We aren't worried about people as smart as that, we're worried about idiots" (Wales, 2005d). To prevent these "idiots" from editing Wikipedia, the ban-hammer of IP address blocking was effective.

Enter the "Chinese dissident"
Throughout this debate, both projects agreed on one thing: the existence of the Chinese Dissident, Tor's synecdoche for all people living in repressive regimes who need to be shielded from state surveillance. Jimmy Wales agreed with the need to protect this figure, declaring at the height of the 2005 conflict: Let me tell you what I love. I love the Chinese dissident who wants to work on Wikipedia articles in safety. I love that Wikipedia is an open platform that allows people to have that voice, and that we can have a positive impact on the world in large part because we don't bow to censorship and we are willing to reach out and work with people like Tor to empower individuals to speak, no matter what sort of oppressive conditions they face. WE ARE ON THE SAME SIDE. (Wales, 2005b) By invoking "safety," "oppressive conditions," and "censorship," Wales appears to be adopting Tor's position, especially because he also suggests "work[ing] with people like Tor." Indeed, this language veers away from legit-authenticity and into the concerns about the legitimacy of state violence.
However, in a different discussion, Wales also argued that "the current design of Tor makes [this goal of protecting a would-be Chinese Wikipedia editor] impossible -people will block Tor because it is abusive. So your Chinese dissident will not be able to use Tor to edit Wikipedia, because the Chinese spammer has ruined it" (Tor, 2005). Again, Wales's argument turned to the need to adjudicate legit editors from "spammers." The Tor Project once again rejected an authentication server existing on Tor, as such an addition would undermine Tor's focus on protecting users from states (Murdoch, 2005a;Syverson, 2005c). Any system that connected editing activities to a stable identity -even if it was pseudonymous -would result in nothing less than death for the Chinese Dissident.
The "Hello Directly from Jimmy Wales" thread included at least 45 emails, with multiple participants repeating Wales's line that "we are on the same side." However, neither side backed off their initial position. At this point in the conflict, Wales was gathering "Tor Horror Stories" on the Wikipedia-EN list, a thread where Wikipedians shared the vandalism they had seen originating with Tor-associated IP addresses (Wales, 2005c). This call resulted in a dozen responses, indicating individual instances of vandalism ranging from "juvenile bad behaviour" to pervasive "Islamophobic" contributions. Drawing on this evidence, Wales and Wikipedians argued that Tor users should be authenticated and legitimated as trustworthy. The Tor Project insisted that none of their users ever be identified -doing so would inevitably invite the violent wrath of the state.
And this is the aporia we find to this day. Using a publicly available list of Tor exit nodes, Wikipedia continues their ban of Tor IP addresses (Tran et al., 2019) using software to automate this task. The Tor Project, resigned to being blocked by sites such as Wikipedia, continued its work of building a powerful anonymizing system. Both projects would continue to grow and are, of course, still active today.

Conclusion: the utility of "legitimacy" for internet history
While the legitimacy conflict has not been resolved, we would argue that the growth of both projects reveals the success they had in achieving a particular form of legitimacy, specifically "legitimacy as propriety, " or an organization's command of resources and respect. Indeed, the projects' dogged commitment to their positions has actually heightened each of their respective claims to resources and respect.
Early in its history, Wikipedia struggled against a reputation as an unreliable reference source (Reagle, 2010). Its own internal struggle to authenticate particular editors and chase out trolls and vandals reflected the larger debate over whether Wikipedia was a viable way to create an encyclopaedia. "Although some might argue any effort to block even problematic users is a step away from openness, a chaotic culture of undisciplined vandals would equally disenfranchise those who wish to make a positive contribution to a viable encyclopedic project" (Reagle, 2010, p. 87). Studies that showed that it was as factually reliable as the Encyclopaedia Britannica (e.g. Giles, 2005) helped further legitimate Wikipedia, allowing it to attract more contributors, positive attention, and donations, strengthening Wikipedia's claim that its method of authenticating users and using sysops to moderate content was an effective approach.
As for the Tor Project, as Gehl (2018) argues, its "claims of propriety -respectability and control of resources -hinge on [the privacy and anti-surveillance] community's perception that they live up to idealistic goals" (p. 71). Those idealistic goals are that Tor will protect users from state surveillance. If Tor is even perceived to be compromised in any way -for example, if it had such as think as an "authentication server" -the community's respect will dissipate quickly, and Tor will lose not only users, but also many of the software developers who contribute to it. Open source software projects such as Tor rely heavily on volunteer code contributors and monetary donations to continue to function (Weber, 2004). By sticking to its ideals -even when it means that popular sites such as Wikipedia will block it -the Tor Project retained its organizational legitimacy.
For both projects, the emphasis on nearly incommensurable meanings of legitimacy functioned as a lodestar, guiding each project towards their respective goals of gaining resources and respect. Wikipedia ultimately eschewed a concern about state power in favour of a liberal, Enlightenment vision of universal knowledge leading to liberation, leading to the project being accepted for what it aimed to be: an encyclopaedia. For Tor, challenging state surveillance is its raison d'être, and it would undermine its ability to gather resources if its users even suspected states could discern for which reasons they were using Tor.
Overall, then, we posit "legitimacy" -with its threefold meaning -as a valuable conceptual tool for Internet historical scholarship. In the specific case of Tor and Wikipedia's 2005 clash, legitimacy's threefold meaning helps us clarify what was at stake during their debate, as well as the reasons the two projects essentially talked past one another. In the case of other Internet sites, focusing on the cultivated legitimacies allows researchers to consider the legal/political status of the site (legitimacy as violence); the organizational structure and power of the site (propriety); and how the site creates in-group and out-group distinctions (authenticity). In turn, each of these levels of legitimacy invokes different scholarly traditions. For example, questions of the state's legitimate command of violence invokes political science and communication; organizational proprietary invokes political economy and organizational communication; and authenticity invokes cultural studies and ethnographic research. The conflict between the nascent Wikipedia and Tor projects, thus, must be understood as representative of ongoing debates regarding Internet culture, practice, and governance. These questions of authentication and adjudication raised over 15 years ago, at a historical moment in the development of the contemporary Web, are far from resolved -rather, considerations of who does (and does not) get to participate in collective undertakings at any given level (state, organizational, or cultural) are as relevant today as they have ever been. Promises of "freedom" on the Internet are under constant debate and attack, warranting serious attention from scholars across academic disciplines.

Notes
1. note that the tor Project was formally organized in 2006 as a non-profit organization. the software they develop, the tor router, dates back to 2002. For the sake of convenience, we will refer to the tor organization as "the tor Project" throughout this paper and to the tor software as "tor" or "tor software." 2. We base this claim on analysing news coverage of both projects between 2001 and 2006.
Wikipedia was far and away more well-known than Tor. Tor would gain fame in 2013 after the Edward Snowden leaks of NSA surveillance.