[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] torslap!

The first problem that I see with this is the '5 hours average.' If a
malicious group got an ASIC but the poor guy from who-knows-where has 10yo
hardware, it may be impossible to balance the cost of doing a 'torslap.'

A bigger problem might be getting people to accept 'torslaps' because it
could be a lot of work. Wikipedia might get an implementation, but what
about the rest of the websites that block tor traffic? And would you really
be willing to do a torslap for every website you wish to register for?

Would it be possible to have "tor-authentication" in the same way that
there is "google" or "facebook" authentication? (could it be
decentralized?). Bascially, there's an account authentication network/api
with a list of verified tor users. Becoming verified would be as simple as
doing an expensive hashcash (and perhaps a market would spring up to sell
these accounts, not a bad thing if the price is high enough). Accounts
associated with abuse will be marked as abusive (that may be hard, but
maybe you could have a table that lists all the parties who have pegged an
account as abusive). Then, you could register for a website by confirming
your identity against an account that is both difficult to acquire and not
associated with abuse. This type of solution would draw on technologies
that are already partially accepted by the internet (IE using a third party
to log in)

On Tue, Apr 23, 2013 at 5:05 AM, <uruioz@xxxxxxxxxxx> wrote:

> i read the messages about websites making it hard to register for torians.
> these guys throw out the wheat with the chaff.
> but dont you know to separate wheat from the chaff?
> thresh that shit, yo:
> ***Torslap***
> "Like hashcash but much much worse."
> server gets request from tor exit to register
> server sends back with javascript "You've been Torslapped!"
> client presses button "Watch me now hey"
> client clicks
> wait...hash...work it now baby
> hash...wait...drivin me crazy
> (average 5 hours later)
> javascript says "Success. Click to continue"
> client sends solution
> server verifies and sends captcha to expire after 5 minute
> client solves captcha
> server opens gate
> anon registers
> server flags account
> (later)
> server gets login from tor exit
> database sees flag that means this anon already got slapped
> victory.
> (after some abuse tracked to tor exits)
> turn up the hate and slap tor noobs harder
> (if sybil gets lose in the flagged accounts)
> slap time for all accounts with tor flags (nuclear option)
> Server just need to send javascript hashing page to client with the rule
> and verify the answer (cheap!).
> Honest Torians- if pain in the ass is better than censorship than we use
> Tor therefore what's another pain in the ass
> Troll Torians- you can tie up laptop for five hours hot hashing action or
> play your MMORPG but not both. which will they chose?
> Honest Torians- waste of five hours register on wikipedia then spend years
> to edit. good tradeoff
> Troll Torians- waste five hours for each hydra head before even doing
> damage. if caught slapped with 7 hours a hydra. Then 10. Then 13.
> Because the captcha has expiration troll can not hoard hashes.
> Could use the litecoin scrypt hashing algo. sounds like there is now
> possible to do gpu hashing for improved efficiency but if trolls don't
> have the discipline and dedication to continue attack just when the
> free-beer attack vector is blocked from them would they really take the
> time to study javascript and improve hash efficiency?
> unlike hashcash that make impossible many kind of massive email jobs that
> people perform today torslap would make possible kind of registration jobs
> that torians are not able to complete.
> btw did i say i cannot code any of this sorry :(
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
tor-talk mailing list