
Re: [tor-talk] Are webmail providers biased against Tor?

On 2015-03-16 16:01, Richard Leckinger wrote:
I think 'track record' is the relevant point. Everywhere is suspicious until you have a track record of accessing google from there. Tor by design is meant to prevent any track record from developing.

The fact that you're constantly accessing Google from an otherwise totally clean and featureless browser itself is a fingerprint that Google could act upon, and "Tor exit node" could be treated as a "country" like any other. Even if they can't separate you from other Tor users, it's potentially just as significant as a fingerprint like "Accesses NY, NJ frequently from each of the four largest providers' dynamic IP ranges, and does not retain cookies".

However, the reality is that the rate of abuse from anonymous sources will naturally be much higher, and as a result, it does make sense to treat such connections with a higher level of suspicion.

A few weeks ago I ran a query against some server logs, which were fed from SMTP, POP3, IMAP and webmail authentication attempts, against a DNSBL (torexit.dan.me.uk, I think?) that lists Tor exit nodes. There were tons of unsuccessful authentication attempts coming from Tor exit nodes, while there were zero successful authentication requests in the time period studied. Many of the IPs were doing obvious dictionary attacks, trying many thousands of attempts (with the IP itself being locked out completely after just a few minutes). Based on this limited analysis, it would make a lot of sense to block Tor completely since I don't have any legitimate traffic from Tor. Various other countries would meet these same criteria. However, I don't like to block this indiscriminately.

I'm sure Google's scale means that there are a lot more legitimate Tor users than I have, but just the same, it's quite reasonable to treat Tor traffic with a higher level of suspicion -- it's not about bias against Tor, or against Tor users, or even a dislike of Tor, but rather, it's the fact that a higher percentage of abuse comes from Tor than from most other sources, even when you take the percentage of legitimate traffic into account. The fact that Tor, by its privacy-centric nature, makes it more difficult to use other fingerprinting techniques to sort out legitimate users means that good users get lumped in with the bad automatically.

Dave Warren
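
The kind of log query described in the message above, as an added example that is not part of the original post: it tallies successful and failed logins by whether the source IP is listed in a Tor-exit DNSBL. The log format, sample lines and function names are assumptions made for this example; the zone name is the one the post tentatively mentions.

```python
import re
import socket
from collections import Counter

DNSBL_ZONE = "torexit.dan.me.uk"  # zone named (tentatively) in the post
# Constructed sample log lines; the line format is an assumption.
SAMPLE_LOG = """\
2015-03-10T02:14:07Z imap auth=fail user=alice ip=198.51.100.23
2015-03-10T02:14:08Z imap auth=fail user=admin ip=198.51.100.23
2015-03-10T02:14:09Z pop3 auth=fail user=root ip=198.51.100.23
2015-03-10T08:30:11Z webmail auth=ok user=bob ip=203.0.113.40
2015-03-10T09:02:55Z smtp auth=fail user=bob ip=203.0.113.40
2015-03-10T09:41:00Z smtp auth=fail user=info ip=192.0.2.77
"""

LINE_RE = re.compile(r"^\S+ \w+ auth=(?P<result>ok|fail) user=\S+ ip=(?P<ip>\d+(?:\.\d+){3})$")

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(ip, zone=DNSBL_ZONE):
    """True if the DNSBL answers with an A record (needs network access)."""
    try:
        socket.gethostbyname(dnsbl_name(ip, zone))
        return True
    except socket.gaierror:  # NXDOMAIN or lookup failure: treat as not listed
        return False

def summarize(log_text, is_listed=dns_listed):
    """Count ok/fail attempts, split by whether the source IP is listed."""
    cache = {}  # one lookup per distinct IP
    counts = {"listed": Counter(), "unlisted": Counter()}
    listed_failures = Counter()  # failed attempts per listed IP
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ip = m["ip"]
        if ip not in cache:
            cache[ip] = is_listed(ip)
        bucket = "listed" if cache[ip] else "unlisted"
        counts[bucket][m["result"]] += 1
        if cache[ip] and m["result"] == "fail":
            listed_failures[ip] += 1
    return counts, listed_failures

if __name__ == "__main__":
    exits = {"198.51.100.23", "192.0.2.77"}  # constructed stand-in for DNSBL answers
    print(summarize(SAMPLE_LOG, lambda ip: ip in exits))
```

Passing a stub for `is_listed` keeps the run offline; with the default, each distinct IP triggers one live DNS query against the zone.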
