Re: [tor-talk] Time for p2p, content addressed, pre-emptively cached web pages - Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

[Coyo <coyo@xxxxxxxxxxx>]

Doesn't Tor Hidden Services (with some new load balancing and high availability patches) offer DDoS mitigation as an inherent Tor Network property?

It's also possible to put the server running the Tor Hidden Service set up as a HAProxy node load balancing to a set of Varnish caching proxies. It doesn't solve the problem of Tor Hidden Services' single point of failure, but if you use multiple .onion addresses to load the various elements of a webpage, it could help spread it out a bit.

Many web applications can use things like MySQL and PostgreSQL sharding and database duplication features, so you can spread the backend database over multiple servers. There's a lot of nifty things you can do.

If you MUST have clearnet IP addresses, you can put cheap, disposable VPS servers that act as varnish proxies that connect to Tor Hidden Services behind them. This could allow you to use multiple .onion addresses behind the VPSs.

There's various clever things you can do. To avoid DNS-based attacks, you could use things like BGP and LISP (location identity seperation protocol) or IPMasq routing rules to let a small set of IP addresses transparently load balance to multiple servers.

Clever load balancing techniques at the network and application levels with Tor in the middle could work wonders in avoiding the problems associated with services such as CloudFlare.

If you MUST use FQDNs, choose ccTLDs such as .ch, .ru, .io, and .se, country codes run by countries that resist attempts to illegally interfere with internet traffic.

CloudFlare should not be trusted blindly. Unless they can PROVE they have not been interfering with traffic or engaging in illegal or extralegal mass surveillance, you should find other, more clever methods of mitigating DDoS attacks and other network-level abuses. 

On Sun, 28 Feb 2016 06:42:33 +0200
 ÐÐÐÐÑÐÐÐÑ  <afalex169@xxxxxxxxx> wrote:
*wolf**wolf*
> oh, cloudfare... i HATE it. It sabotages my surf on Tor almost every time
> (with some specific internet addresses).
> Their aim is to cover most of the internet -> you just can't use Tor for
> peaceful surfing.
> 
> 2016-02-28 1:25 GMT+02:00 Zenaan Harkness <zen@xxxxxxxxxxxx>:
> >
> > Perhaps someone can design something to counteract the CIA and NSA's
> > Cloudflare tool?
> >
> > Evidently we need a better way to read our news and blogs. Cloudflare
> > is getting to pervasive.
> >
> >
> http://yro.slashdot.org/story/16/02/26/1816211/tor-project-accuses-cloudflare-of-mass-surveillance-sabotaging-traffic
> > Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic
> > From the men-in-the-middle department
> > An anonymous reader writes: Tensions are rising between Tor Project
> > administrators and CloudFlare, a CDN and DDoS mitigation service
> > that's apparently making the life of Tor users a living hell. Tor
> > administrators are saying that CloudFlare is...
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


-- 
Coyo <coyo@xxxxxxxxxxx>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk