[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On Tue, Sep 27, 2016 at 3:39 AM, Alec Muffett <alec.muffett@xxxxxxxxx> wrote:
> So to convince people who work at companies of the value of hunting for and
> recovering these grains of rice, you have got to make them _care_.

I want to see more than one overlay network with "exit" feature,
Tor is a singular easy target painted on the back of the internet.
I want more people on them, and by default.

> community just totally savaged CF, with the entirely predictable result of

The blurry cowspot impossible repetitive "trtruullm yrtllmnnr"
captchas set themselves on fire for that, no community needed.

CF and non-login Google search, etc are network based.
Yes that's harder.
But at least let my cookie roam the net,
and only kill it when you subsequently see it doing bad,
not just for roaming.

And for account based services, I expect far more...
We want the accounts, without phone.
Then I want graduated service enablement based on human
pattern heuristics... participation, length of time, kbd / click data,
backoffed captcha intervals, bitcoin deposit with automatic
return schedule, user realness ratings by other users, etc.
These have real and rather unprogrammable / rising costs
to illegitimate users / bots.
For such services, I want canceling of accounts, not canceling of IP's.

[Another silly example... a site that denies credit card
via tor (well, that's plausible, sortof, barely, not), but then
also offers and denies bitcoin payment via tor too. Just
because they didn't think or bother to put in the extra two
lines of code to permit the latter. (Or they laughably think
they need to know provenance of coin to kiss regulation
that doesn't exist.)]

The top sites in every category all have staff and budget
that could implement some levels of this, they just don't.
Because in my opinion, they don't give a shit. Their brains,
singularly and collectively, are programmed to be and act
negatively "how can we reject", not positively "how can we
include". How can we design / buy / sell hardware and software
to exclude and block. Etc. Which also means they don't
tend to listen to users. Or bother with nice things like "hey
you're one of 500 accounts we nuked via IP, if we got you
wrong, login here and tell about it".  It's old school top down
kill focused and at the earliest stage.

We should be seeing a mentality change with the latest
generation of web. After all, tor vpn etc exists now.
Yet I wonder if we are. If not, it needs changeing.

They need insider people (the Alec's) at their insider corporate
conferences and roundtables telling them real users / anons
of anon / real / vpn / wifi networks, and some solutions exist.

> both sides hunkering down into a war of attrition.
> Let's not repeat that?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to