[tor-talk] Tor and Google error / CAPTCHAs.

Alec Muffett alec.muffett at gmail.com
Mon Oct 3 15:16:12 UTC 2016


On 3 October 2016 at 15:43, <blobby at openmailbox.org> wrote:
>
> But a point might be: tor exit nodes are public but SOCKS proxies are not.
> Unless you tell me otherwise, I don't think there are centralized databases
> of SOCKS proxies.
>

Let me make an even more generalised statement:

"There are centralised databases of {many IPs or Subnets which appear to
emanate badness, aggregated across the experiences of many companies}"

Here is just one of many, and this one at least is open to participation:
https://www.facebook.com/notes/protect-the-graph/understanding-online-threats-with-threatdata/1438165199756960/
- and there are many more, often closed.


Now my suspicion is that you will say: not the point. People will be
> messing around with said SOCKS proxies (the aforementioned scraping for
> example) and hence it's irrelevant whether there's an accessible record
> that said IP is a SOCKS proxy. Yes?
>

Given the assertion I make above, and the evidence that I provide for it, I
believe my responding to this is moot?




> Just one more point: one can use http://www.ip-score.com/ to check
> whether an IP is on any blacklists.


I daresay it checks _some_ of them, I don't know how often, plus - you know
- companies are at liberty to do their own tracking of badness and come to
their own conclusions.


I've occasionally found proxies that are 100% clean. Yet still I get asked
> for a CAPTCHA when using them.


Yes.  I've been trying in the last few emails to dispel the notion that
there are any "hard and fast", absolute, 100% correct for all time, rules
about this sort of thing.  Evidently I have not yet succeeded.  :-)

TL;DR : it is pointless and verges upon stupidity to attempt to draw
conclusions about spamfighting behaviour on the basis of
small-to-even-medium-size amounts of experiential reporting.

Perhaps you were carrying around a tainted cookie from some previous
attempt?

Perhaps one of the systems "burped"?

I cannot tell you why, and without a reproducable case the platform in
question probably will not be able to tell you why, either.



> This is, I suspect, because http://www.ip-score.com/


...and that's my point.

You/we are all speculating.

Why bother?  Speculating will not actually change anything.


If we want to have a better experience when using <WEBSITE> over Tor, what
needs to happen is for <WEBSITE> to:

a) learn to value the people who use <WEBSITE> over Tor, and...

b) do some work on behalf of the people who use <WEBSITE> over Tor

All that speculation does is stoke the whining and pseudoscience of "enable
this, disable that, stack a proxy atop/beneath the other, it must be
something to do with geolocation".

Perhaps it _is_ something to do with geolocation - today.   Tomorrow it
might be something else entirely.  On wednesday perhaps a gang of Ukrainian
scraper-noobs will burn your favourite SOCKS relay and it will go onto the
"naughty list" for a month, as a result - and then another company might
take a copy of that part of the IP reputation database and sell it to a
bunch of banks and newspapers as "fresh security data" for six months,
propagating the hassle.

So: do you want to waste time speculating about who told what, when, and
why, and reverse-engineering flaky databases of IP reputation and
blocklists?

Or would you prefer to work to get better access through engagement?

The latter strikes me as far more constructive.

    - alec


-- 
http://dropsafe.crypticide.com/aboutalecm


More information about the tor-talk mailing list