[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: geeez...



On Jan 12, 2011, at 9:01 PM, Roger Dingledine wrote:

> On Thu, Jan 13, 2011 at 01:17:33AM +0100, Mitar wrote:
>> On Wed, Jan 12, 2011 at 6:26 AM, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
>>> and to suggest
>>> solutions for their security problems that involve improving their
>>> computer security for the Internet at large (open wifi, open proxies,
>>> botnets),
>> 
>> I am not sure what you mean by that? That there should not be open
>> WiFi because it improves security? Or that because there are open
>> WiFis, open proxies, botnets you have to secure your systems anyway?
> 
> I assume he meant the latter -- there are many ways that people can
> reach your website and have their IP address not really linked to the
> human making the connection.
> 
> This is related to the "if you remove Tor from the world, you're not
> really reducing the ability of bad guys to be anonymous on the Internet"
> idea. See also my first entry at https://www.torproject.org/docs/faq-abuse
> 
>> But how do you secure them against abusive behavior (blackmailing,
>> posting abusive content...)?
> 
> By making your decisions based on the application-level content rather
> than the routing of the packets. If you have a forum, and it has jerks,
> then you need to learn about accounts and authentication. If it stays
> bad, you need to learn about reputation, or moderation, or various other
> techniques people have developed over the years to deal with abuse.
> 
>> There is probably a reasonable argument that identification would help
>> with security here. No?
> 
> It depends where your jerks are coming from. If your jerks are all obeying
> every law and showing up from their static non-natted IP address, then
> yes, routing address is definitely related to identity. But if your
> jerks have ever noticed this doesn't work so well for them, they may
> start using other approaches and suddenly you're back needing to learn
> about application-level mechanisms (or you're back being angry at the
> Internet for not giving you identification by IP address; if blocking
> by IP address is the only abuse prevention mechanism you've got, you're
> going to spend a lot of your life angry).
> 
> For more on this topic, I'd point you to a short article a few years
> ago by Goodell and Syverson called "The Right Place at the Right Time:
> Examining the Use of Network Location in Authentication and Abuse
> Prevention" -- but in going to hunt for it I can't find it available
> online anymore. Proprietary publishers suck I guess. :(
> 
> --Roger
> 
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
> 

Thank you Roger!

jlj
---
Jay Le Jaroslav <jaroslav@xxxxxxxxxxxxxx>

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/