-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I'm currently in the middle of a somewhat heated e-mail debate with their vice-president. Pasting the e-mails below would be indelicate, but their position is that the Tor network is responsible for the abuse it generates and should take measures to prevent/block malicious traffic. They also state that according to their measurements, 99% of the traffic coming out of Tor is hostile, and they're going to release a report on the matter soon.
On my side, I've been arguing that 99% of bad traffic absolutely doesn't imply 99% of bad users, since brute-force attacks generate a massive amount of requests (i.e. that 99% of bad traffic may be generated by 1% of the users for all we know) - and therefore I'm unwilling to punish all of them because of an unruly few. Besides, blocking whole /24 subnets seems overkill to me, and they have yet to prove that they have the authority to speak for all the IPs they are requesting.
I suggested that site owners who wish to block Tor traffic do so using the DNSRBL, to which they replied that "hundreds of millions of site owners who barely know how to do e-mail" shouldn't be asked to configure their servers - or indeed do anything to protect themselves because that's victim blaming. They add that "what we have coming next in tackling abuses will make your heads spin :)" and conclude that I'm an arrogant bastard (mildly paraphrasing here).
So as far as I'm concerned, I'll just discard anything I receive from them in the future. I've told my hosting provider that their automated e-mails should be disregarded, and they are okay with that.
- -- JusticeRage
On 16/11/2015 13:52, Cristian Consonni wrote: