[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] CloudFlare blog post
On Wed, Mar 30, 2016 at 01:21:05PM +0000, Martijn Grooten wrote:
> CloudFlare CEO Matthew Prince just posted this blog post
>
> https://blog.cloudflare.com/the-trouble-with-tor/
>
> which I think is worth a read for people on this list.
My blog comment is still awaiting moderation, so I'll post it here too:
---
I don't see any mention of a client-side PoW scheme in the draft, which
may be good because it seems difficult to discourage attackers
sufficiently while not inconveniencing users too much. See also:
<https://www.cl.cam.ac.uk/~rnc1/proofwork.pdf>
I am also skeptical about the sentence "Based on data across the
CloudFlare network, 94% of requests that we see across the Tor network
are per se malicious." I would really like to hear about the method you
used to get to that number and what, exactly, you classify as
"malicious." For example, for how long did you observe requests coming
out of the network? After all, you justify the use of CAPTCHAs with this
high number, so it would be great if we could all verify the problem.
I also wonder how effective your CAPTCHAs really are. Deep learning
techniques suggest that bots are about to become just as good, or even
better, at solving CAPTCHAs than people. Therefore, I wonder if a long
term solution should also center around the question if the distinction
between people and machines is still meaningful.
Still, thanks for trying to improve the situation.
---
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk