[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] CloudFlare

On Thu, Apr 18, 2013 at 2:51 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
> Though sure, I do suggest and accept that Tor may present a
> different *class* of abuse than other categories of abusable
> IP's.

Tor exits were not banned prior to their use for abuse. At the point
automated exitlist banning was performed a substantial portion were
manually blocked. (Which had the three way bad effect of not
completely blocking the trolls, while blocking most use by non-free
users, while also blocking ex-exits and punishing people for even
trying out being an exit).

There is no particular blocking efficiency gain that comes from using
exitlists relative to other kinds of abuse sources. The site can and
does block /16's all by itself.  (

>> not have a high deployment or operating cost
> I think cost is large what they think about. Just a...  'Really? You mean we
> can turn a flag and whack 2^8 at zero cost, sweet, we just eliminated a
> help desk drone's worth of salary from our costs'. That's pretty cold.

Your approach is why the tor community will make absolutely no
progress on this subject.  Telling me that you don't think the problem
is imaginary doesn't help when everything else you say shows that you
believe it is.

You might think you're being only slightly insensitive to other
people's needs, but I am here to tell you that I am inside the both
communities and you are coming off as a clueless jerk.  This is
actually hard and it involves real trade-offs.

This attitude of "oh it's easy and you're just being a reactionary" is
embarrassing to people who know better... and to people who care less
about enabling access than I do it's so completely misguided that it
will just get you ignored.

> Nyms wouldn't be usable by legitimate anons unless they are
> free from linkable properties.

I suggest you familiarize yourself with the previously proposed
solutions before responding.

> On the other hand, a little development cost by a site can put up some
> pretty big walls against abuse in the form of time delayed accounts,
> captchas now and then, good filters on your i/o, etc. And often cost
> less than whatever service you pay to keep you 'safe'.

The purpose of any anti-baddness system must be to distinguish between
good and bad users.  Things like time delays actually select for _bad_
users:  Good users are unlikely to tolerate the delay. Bad users can
just pipeline to hide the latency.  That things like this reduce
badness is only an artifact of that fact that they reduce everything.

> And honestly, if you're so fucking tight that you can't pony up for
> a proper abuse desk, then both your business model and you
> should expect failure.

I'm not sure where to begin here.

All I can say is that if the Tor community will allow people to
approach this issue with this kind of response it "should expect
tor-talk mailing list