[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] A multi-layer proof of work system to solve the Tor/CloudFlare problem?

Hi, I like your idea but have some criticism to make regarding what you
consider users of the Tor network.

> That way a normal web client, normally browsing a website, would not be
> impacted from end-user experience, but any automated system (the ones causing
> problems to Cloudflare)

Why can't people separate Tor from Tor Browser in their minds?  Tor is a
network transport.  Not all Tor users are lusers sitting behind Tor Browser,
clicking things.

For example I have a system-wide Tor daemon, and I use it for a variety of
different non-interactive things, like news reader updates, automatic source
code fetches, web-api-related requests, and other cronjobs.  I am not the only
one.  Shitflare also affects completely reasonable automatic non-interactive
uses like that.

In fact the Great Firewall of Shitflare completely fucks every hope of
composability of their clients' web sites.

> would get hit by a huge increase in the
> computational resources required to make such massive attacks.
> At that stage Cloudflare, instead of using a Captcha, could also
> implement an independent Javascript Proof of Work system,

No.  Javascript in the browsers is shit. Shit for security, shit for privacy.
I consider requiring Javascript for fundamental functionality an affront.

> to be applied at Application Level and run on Tor Browser,

Ditto about Tor vs. Tor Browser.  Though a neutral _protocol_ (a remote API)
to request and submit the PoW could be workable.

> Maybe it's a bad idea, but the key to be addressed is imho:
> - reducing the automated attacks from Tor netwok by increasing it's
> costs while leaving intact the end-user experience on Tor Browser

Ditto, Tor != Tor Browser.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to