[tor-talk] A multi-layer proof of work system to solve the Tor/CloudFlare problem?

Pickfire pickfire at riseup.net
Tue Jan 26 09:58:31 UTC 2016


On Mon, Jan 25, 2016 at 09:09:37PM +0100, Cain Ungothep wrote:
>> That way a normal web client, normally browsing a website, would not be
>> impacted from end-user experience, but any automated system (the ones causing
>> problems to Cloudflare)
>
>Why can't people separate Tor from Tor Browser in their minds?  Tor is a
>network transport.  Not all Tor users are lusers sitting behind Tor Browser,
>clicking things.

Nice speech. I don't use Tor Browser; I use Tor for almost every
application. I would like to automate a link checker for it, but the
useless Cloudflare broke my script to check broken links.

>For example I have a system-wide Tor daemon, and I use it for a variety of
>different non-interactive things, like news reader updates, automatic source
>code fetches, web-api-related requests, and other cronjobs.  I am not the only
>one.  Shitflare also affects completely reasonable automatic non-interactive
>uses like that.

I do that too. I use Tor for news reader, email client, lightweight
browser; almost everything uses Tor. I just don't use transparent
torification for it; I considered it problematic.

>In fact the Great Firewall of Shitflare completely fucks every hope of
>composability of their clients' web sites.

There is a work to get around that. I plan to do an application to solve
those captchas, either by using the audio captcha or the picture. There
are actually some ways to solve them, I just haven't got the idea yet. (Note:
Those captchas are solvable by machine, not human; it is too hard.)

>> At that stage Cloudflare, instead of using a Captcha, could also
>> implement an independent Javascript Proof of Work system,
>
>No.  Javascript in the browsers is shit. Shit for security, shit for privacy.
>I consider requiring Javascript for fundamental functionality an affront.

I have no comment on Javascript. Tor Browser disables that by default,
but I use Javascript most of the time.

>> Maybe it's a bad idea, but the key to be addressed is imho:
>> - reducing the automated attacks from Tor network by increasing its
>> costs while leaving intact the end-user experience on Tor Browser

They can actually not use Tor and instead use botnets; botnets are better
and a lot faster than Tor.

-- 
 _____________________________________
< Do what you like, like what you do. >
 -------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

