[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor blacklists [was: WebIron]

Expanding some aspects touched on in the WebIron thread...

> https://check.torproject.org/cgi-bin/TorBulkExitList.py
> https://check.torproject.org/exit-addresses
> https://www.torproject.org/projects/tordnsel.html.en
> contrib/or-tools/exitlist

Publishing, operating, advertising and promoting these sorts of
data lists with explicit documentation on how to block tor is
tactically counterproductive to at least one side of the very
circumvention tech tor claims to be about... in particular if such
online tools are highly accurate... for example, the ability to merely
read the frontpage / content of many services becomes "Access Denied" [1].

Tor [Project Inc] engages in publishing these for a number of
[un]spoken reasons. It's trying to curry favor in courts, legislation,
news media, corporations, donors and other venues as a nice player...
for survival of Tor both as "Inc" the corporate tool producer, and
the tool as a tech itself (think Napster, BT/uT situation here).
To demo promote best practice accuracy and distinction between exit
and non-exit to third party blocklists. And to permit services to
grant special favor to users of shared IP's (noting the internet
has thousands more NAT/VPN/Proxy that can reach similar users per IP
magnitude and are no less problematic or important or favored).

Spammers and criminals don't go out of their way to generate and
distribute non-intrinsic data and docs on how to kill themselves.
So SpamBL's, HackBL's, BotBL's, etc all emerged as third party
productions, with various degrees of quality, personality, fees,
and adoption and impact therein.

Tor's consensus is intrinsic, and it has various data subprojects
created and tuned by, and for benefit of, its tor-client users,
relay operators, devs, and research. However tor's explicit provision
of its own BL tools is not intrinsic or needed by those groups.

In their operational lifetime such BL's do aid and feed into
restriction of circumvention tech. And long term such provided lists
may be moot since playing nice and data is not what is actually at
stake with tor, or with any other generally anonymous encrypted
overlay and guerilla networks. What's at stake is anonymity,
privacy, crypto, freedom, and a host of other related issues.
How and when you get there is up to you.

There is no real point being made here. Other than highlighting a
variety of aspects people should think about when this topic comes up.

Note also that...
a) Tor tries to protect its bridges instead of listing them all too.
b) One proxy vpn project injects the likes of the Alexa Top Lists at
 random into its node lists making it politically harder to block by
 dumb consensus scrapers, and of course harder to connect at first).
c) Some tor relay operators do deploy the following specifically
 to add in some anti-blocking diversity for tor exits...
 - Local NAT
 - OutboundBindAddress
 - Forwarding exit over VPN's

[1] Though it is not known any research on the subject, compare
also some results of such tools, regardless of who produces them...

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to