[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] general request: Port blocking and developers?

On Mon, Dec 10, 2012 at 10:29 PM, Joseph Lorenzo Hall <joehall@xxxxxxxxx> wrote:
> Hi Tor-talk, apologize for an off-topic query to this list...
> I figure as a group of maintainers, node runners and developers that some
> of you might help us with stories about how port-blocking specifically has
> impacted efforts to develop software:
> Has ISP-blocking of individual inbound and/or outbound ports affected your
> software development processes, required re-engineering of applications
> (poking holes in ISP-level firewalls, etc.), and/or impacted application
> design over the longer term?

Software development:
Well, as a developer I mostly use ssh or https with git, and don't run
services on home ISPs or ISPs that block traffic. If I discovered my
(hosting) provider was doing something like that and unwilling to
change it, I would switch providers.

Application design/deployment:
One of the things we encourage relay (and particularly bridge)
operators to do (if possible) is to listen on common not-blocked ports
(80, 443). Aka, port blocking is braindead and doesn't work (hence DPI
right? The arms race has long since evolved past simple port

> (Full disclosure: I ask in my role as senior staff technologist at
> https://www.cdt.org/ and we would use your responses to try and inform a
> larger piece of work on best practices for ISP port blocking.)

Yes. **Do Not Block Ports** unless **specifically requested**.

Blocking and filtering of chatty network fileshare protocols,
broadcasts, etc should be done at the CPE and it should be
configurable by the user (though sensible defaults are a fine idea).
Anything else is censorship.

And since I mentioned DPI above; the same applies. If the network
cannot handle customers using it at a given price point the business
model is broken. I don't buy any of the arguments for DPI as traffic
management since these providers have had years to meet capacity
requirements and plenty of countries have symmetric FTTH at 100mbit+.
Claiming that they need fancy censorware to keep their creaky network
running is ludicrous.


P.S. I think the bigger issue here is that since most people have a
very limited choice of providers, they pretty much have to live with
the crap options they are presented. That applies to national ISPs and
associated governments as well.

The fact that these people meet to discuss how to filter/block/control
the net rather than improve it is rather telling.

> thanks, Joe
> --
> https://josephhall.org/
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
tor-talk mailing list