On 10/05/2016 12:58 PM, Green Dream wrote:
@Mirimir:
IPS aren't perfect - they let some unwanted traffic through, and block other traffic that is totally ok.
That is an issue. But there are many exits, so eventually users should find one that works well enough for their purposes.
Re-read what you said and think about this from the user's perspective. This is a recipe for disaster when it comes to Tor user experience. Perhaps it seems suitable to you, as a technical person and a relay operator, but just think about this problem for a barely technical user, or someone new to Tor. What will actually happen is people will try Tor, hit a shitty exit with random performance problems from an IPS, log off and never use Tor again.
True. But increased risk of hitting bad exits is arguably better than having fewer exits.
Tor needs all the help it can get with regard to usability and reliability. It's gotten better over the years but I still get circuits that are borderline unusable. Adding a hodgepodge of blocking IPS systems into the mix isn't going to help this problem.
Yes, I do too. And I wouldn't be happy if poorly implemented IPS made exits unpredictably unreliable. On the other hand, IPS that only blocked automated crap would be a win for real users, relay operators and ISPs, no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could forget their username. But maybe after 10-20 tries, can't we safely assume that they're brute forcing logins?
No offense to the ISP here (I do think they are within their rights to take this position), but I think relay/exit operators should find ISPs that understand Tor and don't demand an IPS.