Scroogle and Tor

Matthew pumpkin at cotse.net
Sun Feb 13 21:12:08 UTC 2011



On 13/02/11 19:09, scroogle at lavabit.com wrote:
> I've been fighting two different Tor users for a week. Each is
> apparently having a good time trying to see how quickly they
> can get results from Scroogle searches via Tor exit nodes.
> The fastest I've seen is about two per second. Since Tor users
> are only two percent of all Scroogle searches, I'm not averse
> to blocking all Tor exits for a while when all else fails.
> These two Tor users were rotating their search terms, and one
> also switched his user-agent once. You can see why I might be
> tempted to throw my "block all Tor" switch on occasion --
> sometimes there's no other way to convince the bad guy that
> he's not going to succeed.
>

For the less than knowledgeable people amongst us (e.g. me) who want to
learn a bit more: what was the rationale for those two Tor users doing what 
they did?  What do they get from it?

Incidentally, I use the SSL version of Scroogle (sometimes with Tor, 
sometimes without) because a) no CAPTCHAs b) I appreciate your 
privacy-minded ethos (ideology).  It would be a shame if you had to block 
Tor users because of an abusive minority.

> When a nonprofit such as the Tor Project or Scroogle offers a
> public service, the script kiddies should have more respect.
> I don't expect everyone to donate to Tor and Scroogle, but I
> do expect that no one will steal time and effort from us.
>
> By the way, my "block all Tor" options for my Scroogle servers
> use an expanded definition of which IPs are Tor exit nodes.
> I pull the blutmagie.de exit node list, or the torproject.org
> exit node list (both port 80 and port 443) once per half hour,
> alternating between the two sites.
>
> One custom switch I use is a cumulative list from yesterday and
> today, all in one list with duplicates purged. The other switch
> I created is a moving cumulative list from today plus the
> previous six days.
>
> Why do I do this? Well, Tor's DNSEL using "dig" is too much
> overhead, compared to searching a sorted list on my servers.
> But the available exit node lists from the Tor directory are
> strange, to say the least. The list size from blutmagie.de can
> be as much as several hundred IPs different than the list from
> torproject.org, even within the same one-hour period. Moreover,
> they are extremely dynamic. While the current list is usually
> around 1100 IPs, the cumulative list from yesterday plus today
> is usually about 2600 unique IPs. The list from today plus the
> six previous days is anywhere from 4500 to 7500 unique IPs.
> I've been watching these numbers for over a year now -- take
> my word for it that what I'm describing is a consistent
> pattern, not some momentary fluke.
>
> I'm getting to the point where I'm tempted to offer my two
> exit node lists (yesterday plus today, and previous six days
> plus today) to the public. If I had more confidence in the
> lists currently available to the public, I wouldn't be
> tempted to do this.
>
> -- Daniel Brandt
>
>
>
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>



More information about the tor-talk mailing list
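
The cumulative exit-node lists described in the quoted message (yesterday plus today, and today plus the previous six days, duplicates purged, looked up in a sorted list instead of querying DNSEL), sketched as an added example that is not part of the thread and is not Scroogle's code. The class and function names are hypothetical, the sample addresses are constructed from documentation ranges, and IPv4-only input with one address per line is an assumption.

```python
import bisect
import ipaddress
from datetime import date, timedelta

class RollingExitList:
    """Cumulative exit-node list covering the newest `days` calendar days."""

    def __init__(self, days):
        self.days = days
        self.by_day = {}      # date -> set of IPv4 addresses (as ints) seen that day
        self.sorted_ips = []  # merged, duplicates purged, sorted for binary search

    def ingest(self, day, lines):
        """Merge one fetched list (one IP per line) into that day's snapshot."""
        seen = self.by_day.setdefault(day, set())
        for line in lines:
            try:
                seen.add(int(ipaddress.IPv4Address(line.strip())))
            except ipaddress.AddressValueError:
                continue  # skip blank or malformed rows, keep the refresh going
        cutoff = max(self.by_day) - timedelta(days=self.days - 1)
        self.by_day = {d: s for d, s in self.by_day.items() if d >= cutoff}
        self.sorted_ips = sorted(set().union(*self.by_day.values()))

    def is_exit(self, ip):
        """O(log n) membership test against the sorted cumulative list."""
        key = int(ipaddress.IPv4Address(ip))
        i = bisect.bisect_left(self.sorted_ips, key)
        return i < len(self.sorted_ips) and self.sorted_ips[i] == key

def build_demo():
    """Constructed sample fetches (documentation-range IPs, not real exits)."""
    two_day, seven_day = RollingExitList(2), RollingExitList(7)
    fetches = [
        (date(2011, 2, 6), ["192.0.2.1"]),                     # ages out of both
        (date(2011, 2, 7), ["192.0.2.10"]),                    # 7-day list only
        (date(2011, 2, 12), ["198.51.100.7", "203.0.113.5"]),
        (date(2011, 2, 13), ["203.0.113.5", "203.0.113.99"]),  # first source
        (date(2011, 2, 13), ["203.0.113.99", "198.51.100.200", "not-an-ip"]),
    ]
    for day, lines in fetches:
        two_day.ingest(day, lines)
        seven_day.ingest(day, lines)
    return two_day, seven_day

if __name__ == "__main__":
    two_day, seven_day = build_demo()
    print(len(two_day.sorted_ips), len(seven_day.sorted_ips))
    print(two_day.is_exit("192.0.2.10"), seven_day.is_exit("192.0.2.10"))
```

Each half-hourly fetch, from either source, is passed to ingest() under the current date, so an address that appears in only one source or only briefly during the day still stays in the window.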