[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] torslap!

> On Tue, 23 Apr 2013 09:05:19 -0000
> uruioz@xxxxxxxxxxx wrote:
>> i read the messages about websites making it hard to register for
>> torians.
>> these guys throw out the wheat with the chaff.
>> but dont you know to separate wheat from the chaff?
> As much as I hate to say it, a shortcut to the byzantine convoluted mess
> that
> you're proposing, would be "purchase a right to register, paying in
> Bitcoins".

to be clear you mean "purchase a right to register anonymously" and also i
believe the emended statement is wrong. i think you assume those who
defaced wikipedia for zero-money/trivial-time-investment (i.e.,
registering over tor) would pay and devote some non-trivial time (at least
some threshold of hours let us say) for the right to register anonymously
to continue defacing it.

IF this was true then they would as i write this be paying the modest sum
even paying in bitcoins if they chose to rent general purpose vps or vpn
and continue registering to deface wikipedia as we speak. IF they are
doing this in the same numbers then the tor blocking is ineffective at
stopping defacement. but gregory reports that blocking tor is part of
effective countermeasure. this must mean that blocking zero-money attacks
is worthwhile *even* while attack for payment is already widely available.

then there is the supply side of the attack market. here there is little
incentive for servers to implement a user-friendly 'hashbox' system for
whatever type of puzzles torslap uses because the profitability of such a
system ends when the torslap server admin simply decides to go back to
blocking tor. if it works to say 'don't anybody do bittorrent over tor
because it breaks tor and doesn't do you any good' then it works to say
'don't anybody make torslap hashboxes because wikipedia will just block
tor the moment anyone sees you advertise it so it won't do you any good.'

form the perspective of honest torians- what is easier running your laptop
at 100%cpu for a few hours to register for a site or taking days to
transfer funds from a bank account to get bitcoin to pay someone to hash
for you when you will still have to wait some threshold of time to solve a
final captcha?

btw i choose 5 hours because if it is 10x faster on a trolls fast machine
its still half an hour per hydra head which is still a pain in the ass.

there may be better approaches so sorry if this is waste of time for the
tor people to read. but if you can find *some* good way to get anons more
possibility to register even with some pain it will be very helpful.
gregory said some example of the editors get hurt seeing pictures of them
and family next to child porn in the defaced wiki entry. but i think the
problem is reverse-- why are so many of wikipedians pseudonyms linkable to
personal information? part of modern scholarhood should be learning to
compartmentalize facets of your work on general principle. where is the
app that let o henry touch phones in a job interview to whisper he is
provably so? the stakes and the existence public key cryptography demand
it. unfortunately outside of lists like this the general buzz is: i'll
store my data in one big global variable because what's the worst that
could happen. more unfortunately it looks as if were going to get to find
out the answer to that question.


> --
> With respect,
> Roman

tor-talk mailing list