Using Tor at an on-line advocacy org

Andrew Del Vecchio firefox-gen at walala.org
Thu Mar 22 03:53:24 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Phobos,
    We work with the organizations you mention on an ongoing basis.
The problem we have currently is mostly CAPCHA related, and we have no
major issues at this time, however, we were the victim of a vicious
spam attack a few months ago that caused us some major blacklisting
problems. This was par for the course, obviously, but it highlighted
the point that we would be totally screwed if Congress did this to us
for political reasons. Many sites now feature CAPCHA and other
multi-stage implementations that make our back-end work a pain in the
butt.

Speaking of spam, are you familiar with the SPF framework? I recently
read a Linux Mag article demonstrating how it is not all that
effective in stopping spam. Implementation takes only a few minutes,
but should I even bother bringing this up (I'm the IT peon not the one
in charge)?

Thanks,
Andrew

- ----

Frivolous lawsuits. Unlawful government seizures. What's YOUR defense?
Protect your assets, keep what you earn, and generate more income at the
same time!
Visit http://www.mpassetprotection.com/ today.




On 03/21/2007 08:38 PM, phobos at rootme.org wrote:
> On Tue, Mar 20, 2007 at 08:23:32PM -0700, firefox-gen at walala.org wrote
3.6K bytes in 88 lines about:
> : Thanks for the insights so far. I have done some documentation work on
> : the wiki, but I've run out of things to write. What are the areas most
> : in need of documentation that is also NOT programming side, which I
> : don't know much about? I also support the project financially already.
> : Perhaps I can get some of our members to do so as well.
>
>     Thanks for the financial support.  It's appreciated.  The
>     Documentation section of https://tor.eff.org/volunteer.html.en
>     is a great place to look for projects.  #6 may be of interest in
>     helping non-techincal users configure Tor.  Screenshots and easy
>     to follow docs are always a favorite.
>
> : We would be using Tor as a cover for a cluster of e-mail servers which
> : send constituent messages to Congress. Currently, we do this directly,
> : but we've had a few isolated "accidents" in the past that were not
> : explained, and seemed a bit like political censorship, though we can't
> : prove it due to the usual "plausible deniability" that politicians so
> : treasure.
>
>     You're able to mail from Tor exit nodes?  My concern here is
>     that Tor becomes part of the "damn spammer" set and is blocked
>     accordingly.  I'm not sure what response is appropriate here.
>     However, using Tor to defeat smtp blocks turns into that arms
>     race problem again.  Tor, and you by proxy, can only lose.
>
> : I agree that this whole thing may have negative consequences, but
> : would it be possible to configure Tor so that we had a separate node
> : network that was not connected to Tor, at least not as far as end
> : nodes go? This would shift and contain the blame to our participants
> : and not the entire community. Still, governments are famous for their
> : tendency toward collective punishment, so perhaps that wouldn't do
> : much anyway.
>
>     In the end, how is this different than just buying a lot of
>     throw away xen/openvz servers to use for mailings?  Your
>     adversary, in this case Congressional IT, can just block the IPs
>     of your Tor exit nodes.  I mean, sure, you can create your own
>     Tor network distinct from the current public Tor network.  I'm
>     not sure people in Congress IT would notice the difference
>     between the real Tor network and your Tor network.  As you say,
>     they'll probably end up just hating Tor altogether. 
>
>     I don't have a simple solution for you.  I imagine the problem
>     of how to email Congresspeople has been solved.  The EFF, ACLU,
>     and other organizations seem to be able to email reliably.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGAf20gwZR2XMkZmQRA2e8AJsFGbHaRMTJFNo1XuSW60ENK9yPlgCffftj
1my6xG7R9pbc13ceB/dr358=
=CDQG
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list