[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Are webmail providers biased against Tor?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Are webmail providers biased against Tor?
From: Dave Warren <davew@xxxxxxxxxxxx>
Date: Mon, 16 Mar 2015 16:48:07 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 16 Mar 2015 19:48:24 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple; d=hireahit.com; s=MD-20140321; t=1426549692; x=1427154492; q=dns/txt; h=Message-ID: Date:From:User-Agent:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=kSq21StSQ zNaWPtHGgy89f75q648xOvdHO5n+ggk0vM=; b=klZzRw60nd4T5bVx6aSIYs7fg fkckyTKwtOwO0gfTPmsct3oRrqt+tL6MIi3QQsF41X3ZE8akCHvM67IbVRj7wgN2 gYt3o4VYakjSBSOWS7xP7AdHtui7UxBI3EJYvh4rJorBb9IKPkPiq0HtFTxAtrbr EiDOYbxDRfRdHZF8Lg=
In-reply-to: <550760BF.1050000@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <b6cb75245c0c0ec46b713575b96647e1@xxxxxxxxxxxxxxx> <20150316113315.GD2077@xxxxxxxxxx> <5613afa1a339f26dbaaec7bac784f781@xxxxxxxxxxxxxxx> <550760BF.1050000@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:24.0) Gecko/20140623 FossaMail/24.6.0

On 2015-03-16 16:01, Richard Leckinger wrote:

I think 'track record' is the relevant point. Everywhere is suspiciousuntil you have a track record of accessing google from there. Tor bydesign is meant to prevent any track record from developing.

The fact that you're constantly accessing Google from an otherwisetotally clean and featureless browser itself is a fingerprint thatGoogle could act upon, and "Tor exit node" could be treated as a"country" like any other. Even if they can't separate you from other Torusers, it's potentially just as significant as a fingerprint like"Accesses NY, NJ frequently from each of the four largest providers'dynamic IP ranges, and does not retain cookies"

However, the reality is that the rate of abuse from anonymous sourceswill naturally be much higher, and as a result, it does make sense totreat such connections with a higher level of suspicion.

A few weeks ago I ran a query against some servers logs which were fedfrom SMTP, POP3, IMAP and webmail authentication attempts against aDNSBL (torexit.dan.me.uk, I think?) that lists Tor exit nodes, therewere tons of unsuccessful authentication attempts coming from Tor exitnodes, while there were zero successful authentication requests in thetime period studied. Many of the IPs were doing obvious dictionaryattacks, trying many thousands of attempts (with the IP itself beinglocked out completely after just a few minutes). Based on this limitedanalysis, it would make a lot of sense to block Tor completely since Idon't have any legitimate traffic from Tor. Various other countrieswould meet this same criteria. However, I don't like to block thisindiscriminately.

I'm sure Google's scale means that there are a lot more legitimate usersTor users than I have, but just the same, it's quite reasonable to treatTor traffic with a higher level of suspicion -- It's not about biasagainst Tor, or against Tor users, or even a dislike of Tor, but rather,it's the fact that a higher percentage of abuse comes from Tor than frommost other sources, even when you take the percentage of legitimatetraffic into account. The fact that Tor, by it's privacy centric nature,makes it more difficult to use other fingerprinting techniques to sortout legitimate users means that good users get lumped in with the badautomatically.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Are webmail providers biased against Tor?
  - From: grarpamp

References:
- [tor-talk] Are webmail providers biased against Tor?
  - From: blobby
- Re: [tor-talk] Are webmail providers biased against Tor?
  - From: Sukhbir Singh
- Re: [tor-talk] Are webmail providers biased against Tor?
  - From: blobby
- Re: [tor-talk] Are webmail providers biased against Tor?
  - From: Richard Leckinger

Prev by Author: Re: [tor-talk] Tor on OpenBSD 5.6
Next by Author: Re: [tor-talk] Are webmail providers biased against Tor?
Previous by thread: Re: [tor-talk] Are webmail providers biased against Tor?
Next by thread: Re: [tor-talk] Are webmail providers biased against Tor?
Index(es):
- Author
- Thread