[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Google error / CAPTCHAs.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor and Google error / CAPTCHAs.
From: Alec Muffett <alec.muffett@xxxxxxxxx>
Date: Sat, 24 Sep 2016 15:21:54 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 24 Sep 2016 10:22:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=/Lnu+7o+K4h0bVMydcrZF85lw+P4NUK4FxgtgMcWgIM=; b=Y56mNunDN1NHEPl6hxyGRCthBunE4h8sW0tAF8OMAYxNAm9500Sxc20Cohixg81rKs arDlkNEfM+P2NCi8KUIYaU0eNw/FKEgDmRKOEYM3YpLWp6HeSJ7OaZna5j43UC8BA0iQ +kP5p/3EgM5v8mimiIy9F37VLO1fLIdcyVpavQQAPeRE8qw+ivujKhs1HN32FwEf/xTb biXygRj+sobfYld8QH7jk1d6BSsyL9LtCw9e5Ho350Byr2YrJvTsyWOOosgeMPL+Ci1R otf/7ED0rhjn4FJ256P51z/bkNb0IBQKlRZjwQGqxICqA1AOJDRJ94/8OZ1ocsYwVqa3 MTBA==
In-reply-to: <3490e0941be420d04b0585899b2f68a6@openmailbox.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <3490e0941be420d04b0585899b2f68a6@openmailbox.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 24 September 2016 at 13:07, <blobby@xxxxxxxxxxxxxxx> wrote:

>
> Question: what are these people actually doing with the exit node IP that
> upsets Google?

That's a good question; I don't know about Google specifically, but when I
was at Facebook the most common Tor-exit-node-related problem was called
"scraping".

Scraping was/is when people with bad intentions hid behind Tor in order to
disguise attempts to access and copy people's public pages, looking for
personal information (names, addresses, pet names, emails, anything...)
which could be correlated somehow and monetised, eg: via phone fraud or
phishing.

Tor is useful to these people because if they were making such access
attempts from a single IP address, or a single subnet, it would be easy to
track and stop them.

So "scraping", along with other/similar reasons, is why tor exit nodes have
such shitty "IP Reputation" in the tech industry.  The Tor exit nodes hide
a bunch of people who are doing scraping.

Of all the big companies in tech, Facebook probably has some of the
theoretically easiest challenges of addressing scraping - because quite a
lot of content is only available when one is "logged in" to Facebook, so
instead of blocking IP addresses Facebook instead can block _accounts_ that
scrape; however that is not a panacea and fighting scraping at Facebook is
still a _massive_ task.

By comparison Google may have a even harder challenge to combat scraping
because much of Google content is meant to be available without logging-in,
therefore Google rely more heavily upon IP-address as an identifier.

Continuing the spectrum - Cloudflare have an enormously harder challenge
than Google, because they are mostly supplying only "network-level"
services to their customers, so lack knowledge of username, userids, and
(most?) cookies that actual platform-providers might be able to use when
fighting scraping.

If you correlate this spectrum with "corporate friendliness towards Tor", I
think you will see a causative pattern emerge; Tor does great work in
enabling access to these services and platforms for people in need, but it
also serves to hide/enable scrapers and other malfeasance. To not recognise
this and instead (for example) to violently beat-up Cloudflare for
"blocking tor" serves only to entrench anti-Tor sentiment.

This is why a few months ago I wrote a blogpost[1] explaining how best I
believe to get more companies to be friendly towards Tor.

Because any amount of denial, public raging and placard-waving is not going
to help.  It needs outreach.  It needs mutual understanding and
communication of benefits.

    - alec

[1]
https://www.facebook.com/notes/alec-muffett/how-to-get-a-company-or-organisation-to-implement-an-onion-site-ie-a-tor-hidden-/10153762090530962

-- 
http://dropsafe.crypticide.com/aboutalecm
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: blobby
- Re: [tor-talk] Tor and Google error / CAPTCHAs.
  - From: grarpamp

References:
- [tor-talk] Tor and Google error / CAPTCHAs.
  - From: blobby

Prev by Author: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Next by Author: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Previous by thread: [tor-talk] Tor and Google error / CAPTCHAs.
Next by thread: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Index(es):
- Author
- Thread