[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Advice regarding Cloudflare

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Advice regarding Cloudflare
From: Ryan Carboni <ryacko@xxxxxxxxx>
Date: Sat, 2 Apr 2016 22:31:29 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 03 Apr 2016 01:32:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=8ZOlhUioBXG74CD5iOo0LUDSfzWPBa26KQDA6EYaSYA=; b=XrNjUvMJaQAbqvsORl1RsMKx9rcf0lzHCnsRSXvx2De1IV28EmkRI+4J8fbbuNRt5D 78qS5Eu1wn46UEuK5chRNgiWcIrWwZuQOcpfg7As8jXGMbTw8nCOxN8bzf4zXqw9yaV+ JQ9pc3QuIZWqEPzZ+6XvM56rKwaLwhXRDVeIDXzZvzHLdtgDY68poKAcOO1CkL56y8gC yw4dyCWrV32Dw9El4y8RwTojjRQMumCOsH0WeTwwy5yrrK6+grZZeBNHMfSCf9pnw/Jx Zhvi5Ge4eQt2gN5wYQvtCrOp8YH1f8BrgK1aXmBrvG12QhPweVGpDVHn3SFS/JtPIX4B /QIg==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

I could see why cloudflare is annoyed with you, you are annoying
activists from their perspective, although you folks aren't chaining
yourselves to coal power plants . But I also use Tor from time to
time, so I'll offer some advice.

On the Tor side, a way to minimize abuse is for exit nodes not to
allow multiple IP addresses from a single circuit. This would make web
crawling with Tor expensive, although it will disable the ability for
a single tab to use a single exit node.

Another method is to request a sort of proof of work on the Cloudflare
side. Given current protocols, the simplest would be to require ECDHE
with secp521r1 with each Tor connection and disallow unencrypted
connections. It will be more bearable than a captcha.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Advice regarding Cloudflare
  - From: Yawning Angel

Prev by Author: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor
Next by Author: Re: [tor-dev] Advice regarding Cloudflare
Previous by thread: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor
Next by thread: Re: [tor-dev] Advice regarding Cloudflare
Index(es):
- Author
- Thread