Re: [tor-talk] CloudFlare blog post

[Andreas Krey <a.krey@xxxxxx>]

On Thu, 31 Mar 2016 11:27:24 +0000, Joe Btfsplk wrote:
...
> >What I wonder is how they want to make a difference using .onion addresses
> >for their customers - tor crawlers can take that redirect just so.
> Andreas, sorry - don't understand part of your comment.
> "It would be quite a lot of effort to do... *what?*... this way... - 
> sorry, it won't work any better."

They said that automatically providing cloudflared sites with
onion addresses would make it easier to detect nonmalicious
tor use, but I wonder why they expect that the bad guys don't
immediately use the onion instead of the plain site as well.

...
> I've seen Cloudflare on low value target sites, like wood screw mfg info 
> sites & similar.  Unless other screw mfgs are sabotaging them, I doubt 
> much malicious activity is directed at such sites.

This is simply the default setting, I guess. CF isn't just
a abuse shield, it is first a CDN. There are sites where
there is nothing relevant to harvest, and there are sites
where there is, but they all use couldflare for different
reasons, and get the scraper protection for free, and not
necessarily on their intention.

> 94% is saying essentially ALL Tor traffic / requests are "per se" 
> malicious or use inordinate amt of resources.  That leaves me & 6% of 
> users that aren't.

Users != Traffic.

> Maybe ? he's counting crawler *individual* requests - page by page - as 
> malicious?  They might make many more requests than real users, thus the 
> 94% claim?

Quite probably.

...
> His statement(s) & reasoning about blocking Tor still seem strange.  As 
> they say, "follow the money trail."  "Money trumps all other reasons / 
> motives."

Tell that the authors of the software this mailing list is for.

> I still say trackers aren't going to pay sites for TBB traffic. Don't 
> say, "You're using Tor - get lost" - bad for public relations.  Instead, 
> play dumb & covertly discourage (some) Tor users  - so they access the 
> site w/ unhardened browsers.

Tracking is not cloudflare's business, it's the business of the site owner.

> Can't sites tell the difference in actions of crawlers & real users?

Not as easily as just using cloudflare as a front. Heck, my colleague
has cloudflare in front of one of his sites, even though there was
probable more traffic for setting that up than the site on a good day.

> I'm sure some use browsers other than TBB for crawling & malicious 
> activity.  Can't sites block / time-out crawlers from continuing to 
> access entire site, once it becomes apparent - regardless of which browser?

Yes. That would lock out the entire exit, and with the crawling
density this apparently basically never gives tor users access.

This is also what cloudflare does, just over longer time, and
giving a captcha instead of an reject.

> I get "time outs" from making 2 very narrow term searches in < 2 min. or 
> so, on some sites I'm registered on & participated - for a long time.
> Why can't sites do the same w/ crawlers' rapid, repeated requests?

Crawlers would immediately get smart and stretch their requests out?

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk