[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Scroogle and Tor

On 13/02/11 19:09, scroogle@xxxxxxxxxxx wrote:
I've been fighting two different Tor users for a week. Each is
apparently having a good time trying to see how quickly they
can get results from Scroogle searches via Tor exit nodes.
The fastest I've seen is about two per second. Since Tor users
are only two percent of all Scroogle searches, I'm not adverse
to blocking all Tor exits for a while when all else fails.
These two Tor users were rotating their search terms, and one
also switched his user-agent once. You can see why I might be
tempted to throw my "block all Tor" switch on occasion --
sometimes there's no other way to convince the bad guy that
he's not going to succeed.

For the less than knowledgeable people amongst us (e.g me) who want to learn a bit more: what was the rationale for those two Tor users doing what they did? What do they get from it?

Incidentally, I use the SSL version of Scroogle (sometimes with Tor, sometimes without) because a) no CAPTCHAs b) I appreciate your privacy-minded ethos (ideology). It would be a shame if you had to block Tor users because of an abusive minority.

When a nonprofit such as the Tor Project or Scroogle offers a
public service, the script kiddies should have more respect.
I don't expect everyone to donate to Tor and Scroogle, but I
do expect that no one will steal time and effort from us.

By the way, my "block all Tor" options for my Scroogle servers
use an expanded definition of which IPs are Tor exit nodes.
I pull the blutmagie.de exit node list, or the torproject.org
exit node list (both port 80 and port 443) once per half hour,
alternating between the two sites.

One custom switch I use is a cumulative list from yesterday and
today, all in one list with duplicates purged. The other switch
I created is a moving cumulative list from today plus the
previous six days.

Why do I do this? Well, Tor's DNSEL using "dig" is too much
overhead, compared to searching a sorted list on my servers.
But the available exit node lists from the Tor directory are
strange, to say the least. The list size from blutmagie.de can
be as much as several hundred IPs different than the list from
torproject.org, even within the same one-hour period. Moreover,
they are extremely dynamic. While the current list is usually
around 1100 IPs, the cumulative list from yesterday plus today
is usually about 2600 unique IPs. The list from today plus the
six previous days is anywhere from 4500 to 7500 unique IPs.
I've been watching these numbers for over a year now -- take
my word for it that what I'm describing is a consistent
pattern, not some momentary fluke.

I'm getting to the point where I'm tempted to offer my two
exit node lists (yesterday plus today, and previous six days
plus today) to the public. If I had more confidence in the
lists currently available to the public, I wouldn't be
tempted to do this.

-- Daniel Brandt

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/