[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] CloudFlare



>> Tor may present a different *class* of abuse than other categories
>> of abusable IP's.

> There is no particular blocking efficiency gain that comes from using
> exitlists relative to other kinds of abuse sources.

The skill needed for the masses to download and use Tor for personal
style abuse is far less than for them to have formerly attempted old
school proxy chains. Would not an analysis of the type of misdeeds
carried out via all the various abuseable sources yield at least measurable,
if not substantial, weightings for each class of source towards particular
classes of misdeeds. Finance/deep crackers use some subsets, packet
scanners and flooders some others, data leeches others.

>> 'Really? You mean we
>> can turn a flag and whack 2^8 at zero cost, sweet, we just eliminated a
>> help desk drone's worth of salary from our costs'

> You might think you're being only slightly insensitive to other
> people's needs, but I am here to tell you that I am inside the both
> communities

Many of us have hats in both places. I've seen places where
IP based whack a mole was phrased pretty much that exact way.
Or as 'sweet, now we don't even have to perform the balancing act.'

> you are coming off as a clueless jerk.

We're all free to debate each other, point out this or that, supply
links and so forth. That's all good :) And I even expressed some
rare 'fucking' frustration towards general corporatedom / the state
of affairs regarding the blocking subject.

However the recent direct name calling and abuse amongst
people on this list needs to stop right now.


> actually hard and it involves real trade-offs.

Yes, it's a hard human problem. One for which I think there
are better solutions than just IP based blocking.

>> Nyms wouldn't be usable by legitimate anons unless they are
>> free from linkable properties.
>
> I suggest you familiarize yourself with the previously proposed
> solutions before responding.

There may indeed be some that are these days. I can't research
and know everything. And if there are, then we can all, as users
and advocates, get them wiki'd and/or suggested out to sites as
applicable.

>> On the other hand, a little development cost by a site can put up some
>> pretty big walls against abuse in the form of time delayed accounts,
>> captchas now and then, good filters on your i/o, etc. And often cost
>> less than whatever service you pay to keep you 'safe'.
>
> The purpose of any anti-baddness system must be to distinguish between
> good and bad users.

Sure, some solutions are archaic and non-adaptive/automated, yet still
better in certain areas than IP blocking. Etcetera also includes shifting the
cost to community moderation, scoring and ranking systems, rollbacks,
warnings/appeals for users, anonymous deposit/forfeiture of token funds,
combined solutions and so on. There are lots of options beyond simple
IP blocking. Particularly on account based systems.

My problem is with simple IP blocking, especially when you take
out an entire shared access system such as Tor with it. It's crude
and takes the ham with the spam. I think the good outweighs the
bad. We're all working for something better :)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk