[tor-talk] CloudFlare blog post
Joe Btfsplk
joebtfsplk at gmx.com
Thu Mar 31 16:27:24 UTC 2016
On 3/31/2016 12:25 AM, Andreas Krey wrote:
> On Wed, 30 Mar 2016 15:19:09 +0000, Joe Btfsplk wrote:
> ...
>> At times, Cloudflare or some sites may say, "Gee, whiz - we're not
>> blocking TBB intentionally. We're working on a solution."
>> But I don't buy that 100%. It's possibly just a politically correct
>> excuse vs. saying, "We can't track you around the globe / make $, so we
>> don't want you taking up bandwidth or other resources (like site tech
>> support, etc.).
> It would be quite a lot of effort to do that this way, especially since
> the (preliminary) outcome is the same - sorry, it won't work any better.
>
> What I wonder is how they want to make a difference using .onion addresses
> for their customers - tor crawlers can take that redirect just so.
Andreas, sorry - don't understand part of your comment.
"It would be quite a lot of effort to do... *what?*... this way... -
sorry, it won't work any better."
Are you saying it's a lot of effort for them to block Tor / TBB?
Or any browser - with any particular addons / plugins, settings, for
that matter? I'm no expert, but IIUC, it'd be very simple.
Just script, If Browser=TorBrowser, then captcha response =
"incorrect." Or TBB users must enter correct captcha a minimum of X
times before accepting, etc.
>> And for all the other sites that don't use Cloudflare (or other
>> unsolvable captchas), but don't block TBB, if _"90+% of all Tor traffic
>> attempts something malicious_," then how in the world do all those sites
>> stay in business / stay up & running?
> 90% of tor traffic isn't 90% of total traffic.
True. Neither CloudFlare CEO nor I said it was. He said, "... 94% of
requests that we see across the Tor network are _per se_ malicious,"
(whatever he means) w/o backing up the statement.
Again, if what CloudFlare CEO said is true, I don't see how other sites
not using their captchas & blocking Tor, keep running.
I've seen Cloudflare on low value target sites, like wood screw mfg info
sites & similar. Unless other screw mfgs are sabotaging them, I doubt
much malicious activity is directed at such sites.
94% is saying essentially ALL Tor traffic / requests are "per se"
malicious or use inordinate amt of resources. That leaves me & 6% of
users that aren't.
Maybe ? he's counting crawler *individual* requests - page by page - as
malicious? They might make many more requests than real users, thus the
94% claim?
His statement(s) & reasoning about blocking Tor still seem strange. As
they say, "follow the money trail." "Money trumps all other reasons /
motives."
I still say trackers aren't going to pay sites for TBB traffic. Don't
say, "You're using Tor - get lost" - bad for public relations. Instead,
play dumb & covertly discourage (some) Tor users - so they access the
site w/ unhardened browsers.
Can't sites tell the difference in actions of crawlers & real users?
I'm sure some use browsers other than TBB for crawling & malicious
activity. Can't sites block / time-out crawlers from continuing to
access entire site, once it becomes apparent - regardless of which browser?
I get "time outs" from making 2 very narrow term searches in < 2 min. or
so, on some sites I'm registered on & participated - for a long time.
Why can't sites do the same w/ crawlers' rapid, repeated requests?
> Also, e.g. those sites
> will just see that the email addresses they publish are getting spammed,
> but they won't even make the connection to crawling via tor.
>
Don't get the connection between this & the issue of Tor being blocked
by Cloudflare.