[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] CloudFlare

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] CloudFlare
From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
Date: Thu, 18 Apr 2013 18:20:56 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Apr 2013 21:21:06 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=XlHo33ORT2tjGuunQNjjfIo8AJC8QOnk0IjmFtmvKV0=; b=nSZnKHTqsS9rMiQJqdt1PPENTAsaNiP5eQ9AownV64OIRFGr5X0soO/BiY78aV34PW ZbdfG+FZJlmTy6FUQKY/wwybSXAlbVg+Np/4rmnInnrHHcOT7GYwiwB180B91HHmcMcp JJMuqB1EA0DtN7j/ply++4xre8RXyWJe/zksnmahcmsAogPPhBXlTUIiZHv5zryyLNjl ucVKKQJ2sqJmBI7WOFmE6L4gpizJi1aEvoMhHsxCZvKPNO04A3HOMzT5FwzOg4RNssN7 Qk8tpPSuU4T5WsIz7giSlEYqI4NjOtCVibnF8NLovhOLaSlBzarxXhKJBU7AOkYNRHus XQbw==
In-reply-to: <CAD2Ti2-CZX6pEQs9d+QeEHjcga_bXGsPQLxenbhD3R3+38FKpg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAD2Ti29sL5hA2qhCjDNn6cfppBFzO5FiuoZ8GOrb4SQbhGxQNg@xxxxxxxxxxxxxx> <CADgVO6wLULK9jUYFVKrEL_G7Z2Xe+jCaHz3mFxDz5mpRMmRRJQ@xxxxxxxxxxxxxx> <20130418200123.GA2774@localhost> <CAAS2fgRTM7vAWosLVsfbZKaT4Z_7OKUqNS76F2x17Bo_P8iibg@xxxxxxxxxxxxxx> <CAD2Ti2-CZX6pEQs9d+QeEHjcga_bXGsPQLxenbhD3R3+38FKpg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Thu, Apr 18, 2013 at 2:51 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
> Though sure, I do suggest and accept that Tor may present a
> different *class* of abuse than other categories of abusable
> IP's.

Tor exits were not banned prior to their use for abuse. At the point
automated exitlist banning was performed a substantial portion were
manually blocked. (Which had the three way bad effect of not
completely blocking the trolls, while blocking most use by non-free
users, while also blocking ex-exits and punishing people for even
trying out being an exit).

There is no particular blocking efficiency gain that comes from using
exitlists relative to other kinds of abuse sources. The site can and
does block /16's all by itself.  (
http://en.wikipedia.org/wiki/Special:BlockList?wpTarget=&wpOptions[]=addressblocks&limit=5000
)

>> not have a high deployment or operating cost
> I think cost is large what they think about. Just a...  'Really? You mean we
> can turn a flag and whack 2^8 at zero cost, sweet, we just eliminated a
> help desk drone's worth of salary from our costs'. That's pretty cold.

Your approach is why the tor community will make absolutely no
progress on this subject.  Telling me that you don't think the problem
is imaginary doesn't help when everything else you say shows that you
believe it is.

You might think you're being only slightly insensitive to other
people's needs, but I am here to tell you that I am inside the both
communities and you are coming off as a clueless jerk.  This is
actually hard and it involves real trade-offs.

This attitude of "oh it's easy and you're just being a reactionary" is
embarrassing to people who know better... and to people who care less
about enabling access than I do it's so completely misguided that it
will just get you ignored.

> Nyms wouldn't be usable by legitimate anons unless they are
> free from linkable properties.

I suggest you familiarize yourself with the previously proposed
solutions before responding.

[snip]
> On the other hand, a little development cost by a site can put up some
> pretty big walls against abuse in the form of time delayed accounts,
> captchas now and then, good filters on your i/o, etc. And often cost
> less than whatever service you pay to keep you 'safe'.

The purpose of any anti-baddness system must be to distinguish between
good and bad users.  Things like time delays actually select for _bad_
users:  Good users are unlikely to tolerate the delay. Bad users can
just pipeline to hide the latency.  That things like this reduce
badness is only an artifact of that fact that they reduce everything.

> And honestly, if you're so fucking tight that you can't pony up for
> a proper abuse desk, then both your business model and you
> should expect failure.

I'm not sure where to begin here.

All I can say is that if the Tor community will allow people to
approach this issue with this kind of response it "should expect
failure".
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] CloudFlare
  - From: grarpamp

References:
- [tor-talk] CloudFlare
  - From: grarpamp
- Re: [tor-talk] CloudFlare
  - From: Matt Pagan
- Re: [tor-talk] CloudFlare
  - From: Matthew Finkel
- Re: [tor-talk] CloudFlare
  - From: Gregory Maxwell
- Re: [tor-talk] CloudFlare
  - From: grarpamp

Prev by Author: Re: [tor-talk] CloudFlare
Next by Author: Re: [tor-talk] CloudFlare
Previous by thread: Re: [tor-talk] CloudFlare
Next by thread: Re: [tor-talk] CloudFlare
Index(es):
- Author
- Thread