[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] A multi-layer proof of work system to solve the Tor/CloudFlare problem?

On Mon, Jan 25, 2016 at 09:09:37PM +0100, Cain Ungothep wrote:
That way a normal web client, normally browsing a website, would not be
impacted from end-user experience, but any automated system (the ones causing
problems to Cloudflare)

Why can't people separate Tor from Tor Browser in their minds?  Tor is a
network transport.  Not all Tor users are lusers sitting behind Tor Browser,
clicking things.

Nice speech, I don't use Tor browser, I use Tor for almost every
application. I would like to automate a link checker for it, but the
useless Cloudflare broke my script to check broken links.

For example I have a system-wide Tor daemon, and I use it for a variety of
different non-interactive things, like news reader updates, automatic source
code fetches, web-api-related requests, and other cronjobs.  I am not the only
one.  Shitflare also affects completely reasonable automatic non-interactive
uses like that.

I do that too, I use Tor for news reader, email client, lightweight
browser, almost everything use Tor, I just don't use transparent
torification for it, I considered it problematic.

In fact the Great Firewall of Shitflare completely fucks every hope of
composability of their clients' web sites.

There is a work to get around that, I plan to do an application to solve
those captcha either by using audio captcha or the picture, there is
actually some ways to solve, I just haven't got the idea yet. (Note:
Those captcha is solve-able by machine not human, it is too hard)

At that stage Cloudflare, instead of using a Captcha, could also
implement an independent Javascript Proof of Work system,

No.  Javascript in the browsers is shit. Shit for security, shit for privacy.
I consider requiring Javascript for fundamental functionality an affront.

I have no comment for Javascript, Tor browser disable that by default,
but I use javascript most of the time.

Maybe it's a bad idea, but the key to be addressed is imho:
- reducing the automated attacks from Tor netwok by increasing it's
costs while leaving intact the end-user experience on Tor Browser

They can actually not use Tor and instead use botnets, botnets is better
and a lot faster than Tor.

< Do what you like, like what you do. >
       \   ^__^
        \  (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to