On 10/06/2016 05:39 AM, Ralph Seichter wrote:
On 06.10.16 12:57, oconor@email.cz wrote:
You probably will invest your time, but the ISP won't. The amount of the problems is multiplying. Tor should evolve, or it will extinct like dinosaurs.
I don't think that Tor has a problem. It works as designed. One might say that service providers have a problem dealing with Tor, because of the effort involved, or that complaining parties have a problem with Tor, because they don't understand or care that a Tor exit is not the real source of "bad traffic", or that they can block Tor based traffic by using the already existing information provided by the Tor project (see https://www.torproject.org/docs/faq-abuse.html.en#Bans).
Why does "real source" matter? To the extent that Tor works as designed, the "real source" is unknown (ideally "unknowable"). What matters for "complaining parties" is that they're getting crap from some exit relay. So they complain.
Pointing fingers is not going to help, and neither is implementing automated self-censorship on Tor exits. If somebody wants me to block his destination IP on my Tor exit nodes, he'll have to explicitly tell me so, and explain why he's not blocking my exit nodes instead.
Well, that's the other problem. Your exit nodes, on average, are not much better or worse than others. Exit policy matters, I admit, but exits that don't allow 80, 443, 22 and other mainstream ports are not very useful. So more and more sites either block Tor exits entirely, or label activity from them as fraudulent. Just telling complainers to block Tor exits may resolve your issues, but it creates others.
Arguably, it's the complainers that should be implementing IPS and/or other measures that block whatever they don't like. Rather than just blocking Tor exits, or filing abuse reports. But expecting that to happen is probably unrealistic.
-Ralph
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays