[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: None
------------------------------------------+--------------------------
Comment (by tne):
Replying to [comment:219 jgrahamc]:
> I'm not sure that totally makes sense. It's better to think at an
individual request level and ask "Does this request indicate abuse?" and
then decide what to do. Of course, we can take into account other things
as well, but we wouldn't want to wait around and measure abuse and then
say "OK, now we'll start blocking it" because it might be too late (i.e.
the customer may have been hacked/attacked in some way). I think both Tor
users and our customers will be happy with a solution like that.
The delay issue was my guess. I don't think the answer is as clear-cut
however; it's a trade-off. Many sites will be fine with a few misses
before your countermeasures kick in if that means they can still handle
them easily without losing their own users/visitors whenever another
random site at the other side of the planet is attacked from a shared IP.
This is especially the case with spam abuse for example, which is not as
dramatic as a breach and yet is probably the number one reason you assign
bad rep scores (any published data on this?).
It's not like you can catch everything all the time even now anyway, it's
defense in depth and it's all in the numbers. Only you will know if it
really makes sense (you have the data) and I appreciate your replies and
the time you take to consider this suggestion. It is not for me to say of
course, but I like to believe the suggestion is worth your time (from my
admittedly limited perspective, I see potential to calm many people down
this way -- it is not mine although it is an obvious one, many people are
asking here and elsewhere).
I agree wholeheartedly with your mention of focusing on individual
requests instead (who wouldn't?). The problem is, it's just a promise at
this point. If you could really do it efficiently and reliably, this
entire discussion would be moot -- you could drop IP rep altogether.
However, you don't, so evidently you can't (yet) do it efficiently and
reliably, and timing matters. Whatever long-term plans CF might have
regarding a strictly request-level approach, any short-term compromises
will help. Also, can we honestly believe strictly-request-level solutions
will someday be completely satisfactory? Data correlation is extremely
powerful and the temptation (or even pressure from your customers, direct
or indirect) will always remain to leverage it (as evidenced by your
apparently very successful IP reputation system). Attempting to reduce
CF's reliance on it is a noble goal that I support, I'm just afraid it is
only a mirage that will only perpetuate the status quo (which, in my view
and that of many others, is hardly tenable). Hopefully I don't come across
as a defeatist, I'm just trying to be realistic (hence the more nuanced
suggestion).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:220>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs