Re: [tor-talk] CloudFlare blog post

[Joe Btfsplk <joebtfsplk@xxxxxxx>]

On 3/31/2016 1:04 PM, Andreas Krey wrote:
> On Thu, 31 Mar 2016 11:27:24 +0000, Joe Btfsplk wrote:
> ...
>
> They said that automatically providing cloudflared sites with
> onion addresses would make it easier to detect nonmalicious
> tor use, but I wonder why they expect that the bad guys don't
> immediately use the onion instead of the plain site as well.
I don't see how bad guys just wouldn't adapt.  They always do.
> Users != Traffic.
Yes - what does that have to do w'/ Cloudflare blocking Tor?
> > His statement(s) & reasoning about blocking Tor still seem strange.  As
> > they say, "follow the money trail."  "Money trumps all other reasons /
> > motives."
> Tell that the authors of the software this mailing list is for.
Tor is non-profit.  They also don't use trackers.  It's different with 
For-profit sites.
> Tracking is not cloudflare's business, it's the business of the site owner.
Yes & no.  It's the business of the trackers, who pay the sites.  Some 
sites need / want help rejecting "unprofitable" users / traffic, that 
trackers won't pay them for. e.g., by using Cloudflare's unsolvable 
captchas to exclude Tor users.
How did Google became the giant it is?  By NOT collecting data, tracking 
users - not using it for advertising or selling the data? Tracking users 
& collecting data, building profiles is huge business.
TBB makes that much harder.  It's not hard to conclude that's why some 
sites don't want TBB users taking resources, though not the only reason 
they may have.
> > Can't sites tell the difference in actions of crawlers & real users?
> Not as easily as just using cloudflare as a front.
Exactly my point.  Maybe you got that & were reinforcing it?  If some 
sites didn't want to exclude TBB, they wouldn't allow Cloudflare serving 
unsolvable captchas.
If they're serving the same unsolvable captchas to *all* browsers, they 
wouldn't have any traffic.

Maybe Tor devs could meet w/ some of the sites and / or Cloudflare, to 
see actual data showing 94% of Tor traffic malicious.
And see if it's remotely possible to do anything about it.  Or, if it's 
just a made up number & not the real reason Cloudflare is blocking Tor.  
Because I'm not sure the problem will go away anytime soon.

We could file a class action suit for discrimination against "freedom to 
choose a browser."  I think it's in the constitution.
> Crawlers would immediately get smart and stretch their requests out?
Yes, but once a site detects crawlers repeatedly trying to access far 
more content than most any real user, they could put a halt.
But if an exit has 1 crawler & 99 real users, the whole exit gets 
blocked.  Unless the site / Cloudflare - whom ever - uses finer 
detection (fingerprinting, etc.) to block only certain requests from an 
exit - if that's possible.
I doubt they want to go to the trouble, as TBB users hurt their business 
anyway, from a tracking stand point.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk