[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: Gentoo's response on them blocking access to their forums via Tor

Dunno if this helps or not, but this is what it says on the Gentoo Web Site
(announcement page, linked below):

"Tor network servers banned on the Forums

The Tor Network is an anonymous Internet communication system that uses a
distributed network of servers to bounce communications around. People were
able to use tor to browse the Gentoo Forums until some malicious users
started abusing the forums. As you might have already guessed, using tor
hides your IP address, so it works similarly to a kind of anonymous posting.
The gentoo forums staff, due to this abusive use of tor servers, has decided
to ban all tor servers that have an exit policy allowing connections to
forums.gentoo.org on ports 80 (HTTP) and/or 443 (HTTPS). We are concerned
that our users might want to preserve their anonymity, however there doesn't
seem to be a good technical or legitimate reason to use tor on the Gentoo

In an effort to purge the abuse of the Tor Network generating the least
problem to our users, only Tor servers with an exit to forums.gentoo.org on
the ports above stated will be banned. If they have those exits removed,
they'll automatically be unbanned. Please, notice that this process of
retrieving the list of Tor servers is performed automatically and that it
might take a while to have the ban-list synced."



-----Original Message-----
From: Roger Dingledine [mailto:arma@xxxxxxx] 
Sent: Wednesday, August 10, 2005 5:22 PM
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Gentoo's response on them blocking access to their forums via

On Wed, Aug 10, 2005 at 10:26:33AM -0700, Brian C wrote:
> At Gentoo's LinuxWorld booth it was suggested that Gentoo would 
> restore forum access to those tor server operators who altered their 
> exit policy to disallow port 80 exits to the forums.gentoo.org IP address.

Hi Brian,

Could you drop by there tomorrow and try to explain to them that it's not
very hard to make web servers distinguish between GET and POST requests, and
that they could easily fix things to block POST requests while still
allowing GET requests?

If it's just a matter of them not knowing how to configure their web server,
I bet we can find a volunteer or twenty to help out with this.

If they have a deeper reason, I'd be curious to learn what it is.

(All the rest of you going to LWE tomorrow should do go chat with them about
this too. :)