[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Google error / CAPTCHAs.



On 27 September 2016 at 09:42, Mirimir <mirimir@xxxxxxxxxx> wrote:

> On 09/27/2016 01:39 AM, Alec Muffett wrote:
> > On 27 September 2016 at 06:42, grarpamp <grarpamp@xxxxxxxxx> wrote:
> > In such circumstances they are not actually looking at you / what you are
> > searching for. They are looking at the behaviour of all traffic, of
> > everyone and everything else which emanates from that exit node.
>
> Are they even doing that? It's my impression that they're just looking
> up the IP address in some list that includes all Tor exit relays. But
> yes, I get how that's arguably enough, in that all Tor exits will on
> average look alike.
>

Exactly, especially since circuits rotate around exit nodes fairly rapidly.

And eventually someone has to write the code which says "This IP is
emanating bad stuff, but it is currently a Tor node, so just put it on the
naughty step for a few minutes until it calms down, rather than blocking it
for a longer period."

Once someone has done _that_, then the organisation is on the path to
caring about the real people who access the site over Tor, and finding
better solutions.


> I can't imagine any resolution to this. Anonymity is Tor's key goal.
> There are jerks who need anonymity. And there are providers who want to
> exclude jerks. If you want Tor's "anonymity", and you want to evade
> discrimination against Tor users, you need to avoid identification as a
> Tor user. What else?


Exactly.  This manifests where folk on Twitter complain that "zomg i'm
using the onion site and it's blocked me!" - when in fact some perhaps code
is running - code that someone took the time to write - to learn/remember
that you are a person who logs-in over Tor, that you really are who you
claim to be, and that this is all "okay".

Otherwise the first time that someone logs-in from a Tor exit node might be
someone using Tor to experiment with your credentials, which they phished
off you via an e-mail, or something. (This is another popular misuse of Tor
from the perspective of the big platforms.)

It is definitely a _tough_ problem.

    -a

-- 
http://dropsafe.crypticide.com/aboutalecm
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk