[tor-talk] CloudFlare

[grarpamp]

> The IP wont' eventually be pulled if it's on rdsnet.ro. ;)

Sounds like a great place for a wide open exit.. Hey Moritz.. ;)

>> Some of them even have that as their advertised featureset

> utterly incorrect to suggest that ..

"permaban .. eventually pulled .. *Unless their profits come from*"

*caveat supplied*

> small .. run their sites without their servers bogging down under
> the groaning load of scrape bots, hack bots and spam bots hammering
> day in and out?

> dirty IP range

Internet background noise is a hard problem too. So many sources,
so little time to whack them. I'd be tempted to subscribe to a block
service and opt out the Tor IP's as being a moot fraction of that
overall noise and perhaps more user centric than bots or corporate.
The non-targeted noise load doesn't seem much on the screens here.

> you find unfathomable

"They" find unfathomable. Tor testing accounts seemed autodeleted
only from outside the countries/languages catered to (or perhaps
just the profile country). In-country exits did not seem to have a
problem. Unlucky out-country IP's, or shortsighted about their
mobile global citizenry / using Tor at home? As below, cursory
rather than methodical, maybe I'll retest someday.

> unnamed dating service

The data is old, a retest would be needed. Craigslist's more recent
blocking of readers from what really did seem like every exit chanced
upon for a week was much more extensive. Unlucky, or Tor? If they
weren't so far away I'd visit them to ask. Afaik, posting still
doesn't work reliably from Tor, though Torizens can read CL again.

We do now have wildcard FQDN MAPADDRESS which will make testing
things easier. Just waiting on CIDR MAPADDRESS for completeness.

> didn't enquire the reason for the block and moved on

Yeah, I admit it's not very methodical or complete testing yet, and
contact and follow up are definitely lacking due to time constraints.

Actually, and similar to the 'HTTPS Everywhere' and 'Bitcoin.it/Trade'
projects, I think there's a good opportunity for a group to get
together and start a 'Works With Tor' wiki. Listings for categories
of services... news, finance, social, games, IRC, etc. Contact the
services if they don't... that sort of thing.


- Lot of hot button policy things you mentioned, one last note...

We see hands off VPN's, sites, hosts.. in part because, similar to
DMCA / common carrier, touching it can often make you liable. It's
like shoveling and salting your walk. Don't do it and it's just an
'act of God'. But if you do step in and manage it, and something
happens, then you didn't do it properly and you get sued. Similar
happened to someone I knew last winter. Huge payout because they
washed their car, water froze... and well, you know the rest.

I would never trust any dating or social type site, or any online
service for that matter, to protect me and my interests [1],
regardless of whether it's pay or free, or how much data, checking
and exclusion they say they do on other users. They're a business,
not psychics. The majority concern and loyalty of business is to
money... not to my personal individual real world well being.

Look at the Tor website... one of its main, and really great use
cases, is right there on the front page, 'Family & Friends... use
Tor to protect themselves'. Users are learning about the world and
taking independant responsibility for their own well being, in part
because companies, governments and people are failing or abusing
them. Whether running nodes, bug reporting, or talking with people
about Tor, it feels pretty good to be a part of that well being :)

Some of the "we're a safe place" marketing, glossing over and user
moderation going on out there does seem to create some false sense
of security. That causes people's knowledge and natural guard to
drop and then exploits to go up as a result. That's a cause for
concern.

[1] I sorta trust my bank even though little interests paid :)


>> When they block users without individual cause, they deny them
>> the right to participate in that part of society.

> The place where you are going wrong is not understanding *who*
> gets to decide on what constitutes individual cause for being
> blocked.

I don't believe it's right to block potential service users, before
they can individually show themselves as spam or ham via some level
of site usage, merely for using Tor. Before that point, they are a
mixed class carrying the Tor banner. If a site wishes to discriminate
against the entire class, that's their thing, we can't stop them,
or convince them with mass appeal, for now. We can only try to
develop better methods together.

Curiously, the EFF suggests that an IP address (perhaps even a
telephone) is not a user and vice versa. And some courts have now
confirmed that suggestion up against complaints that they are
equivalent. How long until the Tor users begin lodging that same
suggestion up against services? ;)

> Amazon.com blocks people living in states with certain types of
> salestax laws

That is because it is a matter of law, not whim.

> not about "warfare between businesses :)"

Blog versus 'hosted commercial seo/scrapers/etc' is essentially
b2b. There are no Tor end users in that picture. It is even more
off topic than other elements of this subthread :)

> being open only 8 hours a day [is] allowed

That is because users and business agree on this. A survey of Tor
users is unlikely to agree with shutting them all out merely for
using Tor.

> permit you to check out library books with no identification

Books, movies, tools, anything rented... they already handle cash
and accounts, they could very easily maintain a full cash deposit
up to your chosen checkout limit. I did rental once, somewhere
around ten during my time demurred about signing, giving info or
credit. I said ok, gave them John/Jane Does and dropped the cash.
Best repeat customers ever.. serving anonymity with a smile works :)

> access to services with HTTPS and TOR

Some might consider that a social responsibility these days. If
that's part of why some very popular sites have now provisioned and
allow this, that's a good thing.


> canceling your service . posted . banned you . offensive
> your desire to mask your activities from your employer
> your visiting a data site using company time or resources
> [similar language/tone throughout these areas]

No, and no thank you!

Among various services... twitters, facebooks, dates, blogs,
forums/lists, wikis... I keep up with a number of them for hobby,
utility, work/personal, fun and so on. My employer has a flexible
work/life policy that permits responsible use of their network. So
be a little more careful before suggesting that I or anyone else
are out here breaking laws and policies, trolling the net, from
their workplace, over Tor, in order to carve up their dates, con
people, adulterate and generally be Dr. Evil ok. That's serious
talk, it's false and it's not appreciated.


> pasted the title from the digest ... explain how to avoid dethreading

If available in the digest, the original Message-Id can be copied
to an In-Reply-To header via a header editing mailer such as Mutt.
Alternatively, supplying the identical 'Subject: CloudFlare' would
allow simple subject threading in the MUA. My own use, in part due
to Gmail, isn't always great either. Using peoples names in the
subject still isn't good though, better to go off list in that case.

Anyway, back to Tor :)