A call to arms: Helping Internet services accept anonymous users

Looking for a way to help the Internet stay open and free? This topic needs some dedicated people to give it more attention — it could easily grow to as large a project as Tor itself. In the short term, OTF's Information Controls Fellowship Program has expressed interest in funding somebody to get this project going, and EFF's Eva Galperin has said she'd be happy to manage the person as an OTF fellow at EFF, with mentorship from Tor people. The first round of those proposals has a deadline in a few days, but if that timeframe doesn't work for you, this problem isn't going away: let us know and we can work with you to help you coordinate other funding.

The problem

We used to think there are two main ways that the Tor network can fail. First, legal or policy pressure can make it so nobody is willing to run a relay. Second, pressure on or from Internet Service Providers can reduce the number of places willing to host exit relays, which in turn squeezes down the anonymity that the network can provide. Both of these threats are hard to solve, but they are challenges that we've known about for a decade, and due in large part to strong ongoing collaborations we have a pretty good handle on them.

We missed a third threat to Tor's success: a growing number of websites treat users from anonymity services differently. Slashdot doesn't let you post comments over Tor, Wikipedia won't let you edit over Tor, and Google sometimes gives you a captcha when you try to search (depending on what other activity they've seen from that exit relay lately). Some sites like Yelp go further and refuse to even serve pages to Tor users.

The result is that the Internet as we know it is siloing. Each website operator works by itself to figure out how to handle anonymous users, and generally neither side is happy with the solution. The problem isn't limited to just Tor users, since these websites face basically the same issue with users from open proxies, users from AOL, users from Africa, etc.

Two recent trends make the problem more urgent. First, sites like Cloudflare, Akamai, and Disqus create bottlenecks where their components are used by many websites. This centralization impacts many websites at once when e.g. Cloudflare changes its strategy for how to handle Tor users. Second, services increasingly outsource their blacklisting, such that e.g. Skype refuses connections from IP addresses that run Tor exit relays, not because they worry about abuse via Tor (it's hard to use Skype over Tor), but because their blacklist provider has an incentive to be overbroad in its blocking. (Blacklist providers compete in part by having "the most complete" list, and in many cases it's hard for services to notice that they're losing contributions from now-missing users.)

Technical mechanisms do exist to let anonymous users interact with websites in ways that control abuse better. Simple technical approaches include "you can read but you can't post" or "you have to log in to post". More complex approaches track reputation of users and give them access to site features based on past behavior of the user rather than on past behavior of their network address. Several research designs suggest using anonymous credentials, where users anonymously receive a cryptographic credential and then prove to the website that they possess a credential that hasn't been blacklisted — without revealing their credential, so the website can't link them to their past behavior.
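An added sketch (not from the original post, and not Tor or EFF code) of the simplest relative of the anonymous-credential designs mentioned above: single-use tokens issued through RSA blind signatures, so a site can demand "one valid, unspent token per post" without being able to link the post to the moment the token was issued. Unlike the research designs, the token itself is shown at redemption and there is no blacklist, so abuse is bounded only by how fast the issuer hands out tokens. The names `Issuer`, `Client`, `Site` and the toy key are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Toy RSA key built from two Mersenne primes so the example runs offline.
# Constructed for illustration only: far too small and structured for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(token: bytes) -> int:
    """Hash a token into Z_N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Issuer:
    """Signs blinded values after some abuse check (captcha, login, ...).

    It only ever sees blinded values, so it cannot recognise a token
    when that token is later spent at the site.
    """

    def __init__(self):
        self.seen = []  # everything the issuer could log

    def sign_blinded(self, blinded: int) -> int:
        self.seen.append(blinded)
        return pow(blinded, D, N)


class Client:
    def request_token(self, issuer: Issuer):
        token = secrets.token_bytes(16)
        # Pick a blinding factor r that is invertible mod N.
        while True:
            r = secrets.randbelow(N - 2) + 2
            if math.gcd(r, N) == 1:
                break
        blinded = (h(token) * pow(r, E, N)) % N    # hides h(token) from issuer
        blind_sig = issuer.sign_blinded(blinded)   # = h(token)^D * r mod N
        sig = (blind_sig * pow(r, -1, N)) % N      # unblind: h(token)^D mod N
        return token, sig


class Site:
    """Accepts each validly signed token once, keyed on the token, not the IP."""

    def __init__(self):
        self.spent = set()

    def redeem(self, token: bytes, sig: int) -> str:
        if pow(sig, E, N) != h(token):
            return "invalid"
        if token in self.spent:
            return "already-spent"
        self.spent.add(token)
        return "ok"


def demo() -> dict:
    issuer, site, client = Issuer(), Site(), Client()
    token, sig = client.request_token(issuer)
    return {
        "first_use": site.redeem(token, sig),
        "replay": site.redeem(token, sig),
        "forged": site.redeem(b"made-up-token", sig),
        # The issuer's log contains only the blinded value, never h(token).
        "issuer_saw_token_hash": h(token) in issuer.seen,
    }


if __name__ == "__main__":
    print(demo())
```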

Social mechanisms have also proven effective in some cases, ranging from community moderation (I hear Wikipedia Germany manually approves edits from users who don't have sufficiently reputable accounts), to flagging behavior from Tor users (even though you don't know *which* Tor user it is) so other participants can choose how to interact with them.

But applying these approaches to real-world websites has not gone well overall. Part of the challenge is that the success stories are not well-publicized, so each website feels like it's dealing with the question in isolation. Some sites do in fact face quite different problems, which require different solutions: Wikipedia doesn't want jerks to change the content of pages, whereas Yelp doesn't want competitors to scrape all its pages. We can also imagine that some companies, like ones that get their revenue from targeted advertising, are fundamentally uninterested in allowing anonymous users at all.

A way forward

The solution I envision is to get a person who is both technical and good at activism to focus on this topic. Step one is to enumerate the set of websites and other Internet services that handle Tor connections differently from normal connections, and look for patterns that help us identify the common (centralized) services that impact many sites. At the same time, we should make a list of solutions — technical and social — that are in use today. There are a few community-led starts on the Tor wiki already, like the DontBlockMe page and a List of Services Blocking Tor.

Step two is to sort the problem websites based on how amenable they would be to our help. Armed with the toolkit of options we found in step one, we should go to the first (most promising) site on the list and work with them to understand their problem. Ideally we can adapt one of the ideas from the toolkit; otherwise we'll need to invent and develop a new approach tailored to their situation and needs. Then we should go to the second site on the list with our (now bigger) toolkit, and so on down the list. Once we have some success stories, we can consider how to scale better, such as holding a conference where we invite the five best success cases plus the next five unsolved sites on our list.

A lot of the work will be building and maintaining social connections with engineers at the services, to help them understand what's possible and to track regressions (for example, every year or so Google gets a new engineer in charge of deciding when to give out Captchas, and they seem to have no institutional memory of how the previous one decided to handle Tor users). It might be that the centralization of Cloudflare et al can be turned around into an advantage, where making sure they have good practices will scale to help many websites at once.

EFF is the perfect organization to lead this charge, given its community connections, its campaigns like Who has your back?, and its more (at least more than Tor ;) neutral perspective on the topic. And now, when everybody is sympathetic about the topic of surveillance, is a great time to try to take back some ground. We have a wide variety of people who want to help, from scientists and research groups who would help with technical solutions if only they understood the real problems these sites face, to users and activists who can help publicize both the successful cases and the not-yet-successful cases.

Looking ahead to the future, I'm also part of an upcoming research collaboration with Dan Boneh, Andrea Forte, Rachel Greenstadt, Ryan Henry, Benjamin Mako Hill, and Dan Wallach who will look both at the technical side of the problem (building more useful ideas for the toolkit) and also the social side of the problem: how can we quantify the loss to Wikipedia, and to society at large, from turning away anonymous contributors? Wikipedians say "we have to blacklist all these IP addresses because of trolls" and "Wikipedia is rotting because nobody wants to edit it anymore" in the same breath, and we believe these points are related. The group is at the "applying for an NSF grant" stage currently, so it will be a year or more before funding appears, but I mention it because we should get somebody to get the ball rolling now, and hopefully we can expect reinforcements to appear as momentum builds.

In summary, if this call to arms catches your eye, your next steps are to think about what you most want to work on to get started, and how you would go about doing it. You can apply for an OTF fellowship, or we can probably help you find other funding sources as needed too.

Seth Schoen

August 30, 2014

Thanks! I hope somebody picks this up and runs with it! It's a very important topic that needs attention from smart people.

Seth Schoen

August 31, 2014

Back in 2013 I had been a viewer of slashdot for years. Then I decided that either I wanted https for pages, or Tor, or better both. Slashdot did not provide https and was blocking Tor (you got to see the first page and then it started blocking). So, I moved to reddit where I get both. Vote with your feet, as they say.

Right! But I bet Slashdot had no idea how to quantify the number of people jumping ship because of its lack of https, or jumping ship because of how it treated Tor users.

So if they start out assuming that people who care about https / people who use Tor are jerks who bring no value to the site, they could easily conclude "good riddance" and never know what they're now missing.

That's where the social science aspect of this topic comes in: how do we quantify what Wikipedia is losing when it chooses to discard the perspective of people who care about privacy? Until we have ways to answer questions like that, we'll be stuck in a "you're missing out!" "screw you no I'm not" circle.

(Wikipedia is also interesting here in that some places in the world censor access to Wikipedia, and then Wikipedia in turn censors those users when they show up via Tor.)

Wikipedia doesn't realize how they are shooting themselves in the foot. The Wikimedia Foundation's status as a nonprofit does not obscure that their "business model" is "user-generated content". Yet without stopping to consider how much they depend on the generosity of faceless nobodies, they exclude contributions by anonymous nobodies.

I frequently get the urge to fix or contribute something on Wikipedia. Usually it's a matter of typos or grammar, or perhaps the addition of a reference. Occasionally, I see an opportunity to add substantial text on a topic I am well-qualified to address. But Wikipedia's anti-Tor policy gently reminds me that perhaps I really shouldn't contribute unpaid time, effort, and brains to their glorious informational empire.

I am proud to use Tor; and if I want to volunteer, I prefer to do so where I am wanted. As such, I actually thank Wikipedia for signalling me that they do not value my potential contributions.

i can only second that.

just as anon said above they lose many contributions (wikipedia) or customers/revenue stream (other sites). mine, too!

so, this project can really benefit the internet community.

thanks, arma!!

I used to be a prolific Wikipedia editor, and their anti-Tor policy had always rankled me. In fact, Wikipedia's anti-Tor policy is how I learned about Tor (and nine years later they're still shooting themselves in the foot).
Many years ago one user was nominated for adminship, and would easily have gotten it until a "checkuser" revealed that s/he had sometimes used Tor to edit, and because of that, had no hope of ever becoming an admin, which goes to show how stupid their policy is. They are shutting out so many great editors, including from China and Iran.

(slashdot aborter): Apart from my belief that this is an excellent project, developing a way to inform site owners about *why* people leave (the different categories, https, tor etc.) may be one of the best things to come of it. For that is influence.

how do we quantify what Wikipedia is losing when it chooses to discard the perspective of people who care about privacy?

I think this is an excellent way to phrase the question.

Beyond simple IP-based blocks, I've found countless bugs in projects on code.google.com for which I'd love to contribute a bugfix/workaround/description, but I'd need a Google ID (implying cellphone verification) to do that. Too bad.

My latest problem in my battles after having my google compromised over and over is exactly as you stated - cellphone verification which would further compromise my safety. Add to that my particular need to change my pw so frequently that I finally locked myself out due to user error (I didn't commit the final one to memory or write it down) during the middle of a divorce AND the 2-step verification process. My phone disappeared and hence, my main 8+ year of files, etc google account was deleted after 4 months since I could not sufficiently verify that I was in fact, the owner of my own account. By now due to a stalking issue, I have a ridiculous number of gmail accounts that I've opened and not ever returned to lest I compromise myself further or lest that be one of the main ways I'm being tracked... I can't pretend to have the knowledge that my stalker does as global IT director of a major corporation.

By now I'm so used to constantly losing data and electronics that the only reason I care much about the same old song and dance is that what I want most is to be able to log into my last youtube account. However, that requires me to open a google account which in turn requires me to provide a phone number. I have reached a point that I won't carry a phone with me due to the whisper mode listening in not to mention the GPS tracking though I'm certain there's one on my latest vehicle due to recent events. It seems I cannot get new electronics protected fast enough as he now gets in so quickly that it makes me dizzy - I can't cover all the bases I even know about before he's already infiltrated my brand new electronics and tools. I'm at a loss but this time around I'm using TOR which I only knew about due to SR and never considered it for more legitimate needs to actually ensure my ongoing ability to live - much less have any peace.

I found this page because one of the ways he was getting in a couple of years ago was with fake captchas that used most scripts from google except for one that when I looked at the source, went to a non-google site. It became apparent when I'd not enter the captcha that said I could not use google if I didn't - but if I closed out the window and reopened, I could move forward. The older ruses were more easily recognizable.. the google and yahoo captcha trick reeked of sloppiness as far as the logos being slightly out of focus AND I recognize the font he uses which after years ago managing a site together, I recognize his design work.

Since I'm not too familiar with all the ways I can use TOR to help this situation, I've checked too many unknown to me options in the settings. Tons of search strings or sites I try to access have a google-based captcha that looks archaic but I think that's because I have scripts, java, flash mostly off as I'm getting my bearings.

I guess it's a good thing I cannot access saving playlists in youtube since every time my last PC and set of email accounts are rendered useless due to sabotage, I lose my access to those playlists. SO this has made me begin to do what I should have been doing all along which is to create a local file collection of music. Obviously that makes more sense and then my media can be accessed without ever getting on wifi or the net at all which is where I'm headed after almost two decades of this BS. Seriously, I'm near the point, despite being a CIS major and making my last living via PC... and despite it becoming my practically only meaningful socialization since this abuse has me in complete isolation - I'm about to wash my hands of technology and that's a shame as it's essential, what I love and my mainline to the world -
like most other people here, I'd venture to assume.

I wish I could help in your cause. Even though I stumbled upon this trying to ease my mind on the captcha situation, what you wrote is powerful and compelling. I really have enjoyed all comments I've read so far and if I had the means, this is a cause I could dedicate myself to due to what I've gone through so that perhaps others might never fall victim to such abuse in the first place.

No matter what the reason, every person has a right to personal privacy and thus freedom. It's simply appalling how it seems our society is moving away from the true intent of democracy. It seems once the information age became a reality and the global community united, it has fed government control and increasingly powerful laws and agencies that look almost like we are headed toward a police state. Some of these umbrella laws give the powers that be the ability to incarcerate or otherwise take away constitutional and human rights of a person for seemingly any reason that can be fabricated.

I know I'm way off topic. As I've watched the net propel us forward at the speed of sound and open up the world to anyone with access, it seems to be feeding all the loss of personal freedom by those in the highest ranks who have the power to take away our rights. That's just how it seems to me when I recall the days that they told us one day we'd talk to people on the other side of the earth in real time and how it'd make the world united and a collective consciousness. It was fascinating to watch unfold. I remember the first company for which I worked that allowed the internet to your average worker made me cringe thinking of all the loss of productivity I envisioned as left unchecked, I imagined the vast majority of the mediocre masses wouldn't do any work but simply surf the net all day.

It seems that no one knew what to expect or what would truly unfold so quickly that it made the Internet seem like a mysterious and dangerous force - which seems to have made the power of the Internet a threat to those who wield power over the masses which consists mostly of people who were the most resistant to the Internet and prone to resisting the rapid changes, unwilling to learn new things and not willing or able therefore to see the benefit. In my own experience, unfortunately the Internet is a dangerous weapon that is being forged against me. I can only still wonder what comes next as things continue to unfold.

Thanks for your story.

One note of caution -- if the way your stalker is getting to you is by running spyware on your computer, then Tor won't be able to help you as much as you want. Tor assumes that the computer it's on is safe, and the network it's using is unsafe. If the computer is unsafe too, there are far fewer options for keeping your privacy.

Good luck!

yeah I'm just sick by now. It seems to me that as long as my GPS location is known there's no escape from years of experience making my known location even when I try to run obviously known. The saddest thing is the statistical outcome for victims who were in my position in a study of only 6 months of terrorism were one of 3: suicide, homicide or complete abandonment of technology. I can't deny that after all these years I haven't changed into a person who thinks of all those things or a combination of them on a daily if not multiple times per day. I just can't escape and if I even call a number I've ever called before - that gets me. I can't warn every person I meet to remove the battery from their phone before ever coming within so many feet of me.., it's an unreasonable and irrational request by all appearances to really anyone who hasn't been living through this. Denial kept me blind and thus so far behind in what seems to be an ever accelerating game when all I really seem to be able to do is obsess and say to self, why can't we just have peace. It's like a twisted, sick mockery of Groundhog Day. Thanks for commenting. I'm trying not to lose all hope or sanity but there's no doubt it has taken a huge toll on me. I feel totally powerless and as far as all I've tried to do - that seems to be actually completely true. I guess one good thing came out of it - I'm no longer lacking a Higher Power and relying on it constantly. I guess it takes what it takes. I just wish I could make it stop because I truly wish no harm to anyone. I don't wish to expose what only I know and I pose no threat if that's the object - to eliminate me as a liability. It goes so far beyond that, though since it's sociopathic and falls into Antisocial Personality Disorder as the core Axis I disorder. I can't pretend to understand that side of the obsession and compulsion but I do take responsibility for my part and now my total OCD on the opposite end of the spectrum.
I couldn't see it even though it was so obvious due to complete denial until I could no longer ignore it. It feels like an unstoppable sequence of events that won't end well. Aside from not wishing to do any harm, only wanting to have a chance at peace for each of us, the reality is that when I did try to seek LE assistance, I was falsely arrested a year ago and then the exact same thing just happened so I'm still reeling. Both times my place - different places were broken into and all electronics stolen aka evidence. I'm starting to realize he is incapable of stopping and now I'm under community supervision. I mean it was so obviously a set up just like last year but last year it was all dropped and I heard whispers of an IA investigation. They just wanted it to go away. This year LE began hassling me days in advance and somehow knew exactly where I would be and at what time. I'm just reeling from sitting in county jail and now being under total supervision and unable to run - well I could - for the next 3 years. I feel so screwed which I'm sure is the point. Anyway, I'm so sick of it but can't stop trying to figure out any way out making mistake after mistake further burying myself. It's just tragic. I never have really shared about it as I feel it's all being read anyway but at some point I have to talk to anyone, even anonymously as far as everyone but the perpetrator is concerned. You know wish in one hand and ____ in the other and see which one gets full first comes to mind. It serves no purpose for me to talk about it, I don't think. I don't know. Anyway, thank you. I appreciate that someone even heard me. =)

It seems to me that if a website, whomever it may be, that will not allow a user to access their site, that is blatant DISCRIMINATION! NOT ALLOWING FREE WILL, unless it's on their terms.

Seth Schoen

August 31, 2014

Since I believe in direct action I decided to mail admin@wikitravel.org the following letter some months ago. wikitravel.org is blocking all tor exits from viewing content.

"Hi,

I noticed that wikitravel.org does not load when viewed from the Tor
network. Tor is a privacy and anonymity network used by many different
people, sometimes because they are being censored. For more information,
see TorProject.org.

Wikipedia has chosen to block all Tor users from editing its pages, but
users can still load and view wikipedia pages. It is unfortunate to see
that WikiTravel has chosen to block every connection to the Tor network
outright. WikiTravel also does not support HTTPS, which further
complicates privately viewing a WikiTravel webpage.

Would it be possible for WikiTravel to unblock Tor users from viewing
the website, but e.g. only block them from editing pages?

Kind regards,
A Tor user."

The next day I received the following reply from aleksandra.wocial@internetbrands.com :

"Hello,

thank you for your email. I send today a request to our Tech team asking about it. I will let you know once I hear from them.

Warm regards,

Aleksandra Wocial
Online Community Specialist
InternetBrands.com"

I have mailed her one time since asking if she would get back to me but haven't heard from her.

Since they (InternetBrands and Wikitravel) have not made public what consideration they give to Tor users, maybe we should collectively ask/mail them in order to get this issue on their radar. I suspect that Wikitravel doesn't realize they are blocking Tor, and that they would prefer to let Tor users read (not edit) their site.

R.

Yep. Part of what we need to do is a) reach out to actually make and sustain a social connection with this 'tech team', to help them understand what the issues are and why they should care, and at the same time b) try to get a handle on what blacklisting infrastructure they use, in case as you say they don't even know they're doing it.

Seth Schoen

August 31, 2014

I think, Tor should adopt the ORB mechanisms of the UKUSA services. No hacking, but if a website blocks Tor, have a repository of open, "anonymous" HTTP/HTTPS/SOCKS proxies, attach one of them and forward the traffic from the exit node to them. The only way for me to go to some .mil sites is to choose an open proxy from one of the known lists and forward the Tor traffic with Privoxy.

That leads to further steps in an arms race that I'd rather not play. Once we start taking tips from spammers on how to not get censored, we shift the perspective that people have about us, which could end up making these conversations with the service admins less productive.

Also, there's a scalability / usability question here that is (independently) tough to tackle.

Adv. et al. - and others ('et al.' is used as an abbreviation of `et alii' (masculine plural) or `et aliae' (feminine plural) or `et alia' (neuter plural) when referring to a number of people); "the data reported by Smith et al."

Seth Schoen

August 31, 2014

We're running a Tor relay ourselves, but our money-making website blocks all Tor access because we were heavily hit with abusive scraping over Tor that couldn't be blocked differently.

I don't see a practical solution currently, it's not justified for us to keep buying/running more servers just to keep up with abusive accesses over Tor. Perhaps it would be useful to build client-side rate limiting into Tor, so abusers would at least have to put some effort into manipulating their client ...

When I visit websites that use Cloudflare using Tor, I often have to enter a captcha before I can view the site. After I have done this once, I can browse the site freely for the rest of the session. This seems like a sensible way of dealing with the problem of scraping.

This is a recent problem with the Google ReCAPTCHA API. Instead of properly serving a ReCAPTCHA image, it redirects you to a standard Google captcha challenge page, breaking the HTML.

I agree -- so far so good with Cloudflare. But all it takes is one really bad day for the engineering team at Cloudflare, and they might pick a different balance. Now is a great time to establish a relationship so they know who to contact when that bad day starts.

(Also, web services care about scraping for different reasons. Some of them just don't like the extra load that it brings, so a captcha or the like is a fine solution. But others are scared that their competitors will "steal" all of their data. This worry is even true for really big companies like Google worrying that Bing will steal and reuse their search answers. And they could justifiably worry that just sticking a captcha in the way won't dissuade Bing from doing its crawling.)

I disagree: Not so good with Cloudflare. I have observed that when I access a Cloudflare customer's site for the first time in a session, I am almost never blocked; it doesn't seem to matter which exit node I am using; this behavior is opposite that of most other block services, which seem to run on simple IP blocks. But if I click a few more links and/or browse other Cloudflare-ified sites in the same session, I suddenly hit either a captcha or a page telling me to enable JavaScript. If I immediately restart with a clean session (via Tor Browser's "New Identity" button or equivalent), the cycle repeats.

I have not (yet) attempted to rigorously quantify the behavior; and some of my inferences about cross-site tracking may result from coincidence. (Attention all researchers...) But this basic pattern does appear very consistently. Note too that the behavior I describe occurs when I am only passively reading, not posting to forums or the like.

From the foregoing, I infer that:

  1. Cloudflare uses either cookies or some kind of "supercookie" to track sessions, perhaps cross-site and perhaps not.
  2. Cloudflare's motive in this context cannot be the prevention of abuse. Assume the opposite: For very normal websurfing behavior on my part to match an "abuse" signature, Cloudflare's engineers would need to be face-palm, head-to-desk caliber stupid. I absolutely do not think they are stupid; q.e.d.
  3. Cloudflare is deliberately coercing me via "nudge" psychology to either abandon Tor or enable JavaScript. The former offends my privacy, and the latter offends my security.

I suspect that the disabling of JavaScript is the real issue. This raises the question: Why should I trust Cloudflare, trust their captcha provider, trust the site I am trying to access, and trust all that site's third-party ad/widget/button services? Worse still, why should I open myself to the in-the-wild MITM attacks documented via Edward Snowden? Keep in mind, Tor users per se are deliberately targeted[1] for increased surveillance and potential compromise.

The only reasons I can imagine are the twin monsters of advertising and user profiling. Both are bad reasons, and issues in and of themselves. As to Cloudflare, I would appreciate if they would clarify whether they are in the anti-DDoS/anti-spam business, or they are in the business of manipulating me to violate security best practices so I can have more spam ads poured down my throat. Note, I do not take any measures to block simple, same-origin HTML ads.

[1] ["NSA targets the privacy-conscious", Appelbaum et al., 2014-07-03](http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html)

I can only second that!

I'm pretty much in the same situation, so you saved me some typing, thanks!

one minor nitpick, though:
"Cloudflare is deliberately coercing me via "nudge" psychology to either abandon Tor or enable JavaScript. The former offends my privacy, and the latter offends my security."

the latter (enabling JS) offends BOTH your privacy AND security:

https://panopticlick.eff.org

try it twice: once with and once without JS: you'll see that you're much more trackable with JS

Question about Cloudflare and enable JS for Captchas: Can the Website see my real IP if I enable JS so I can enter the Captchas? Thanks.

Without a separate vuln in TOR, no. However, as evidenced by the recent CP busts (To be blunt: I do not download CP nor do I look for it), you cannot be sure that there is not a separate vuln so the best thing to do is to absolutely disable Javascript period.

"Cloudflare's engineers would need to be face-palm, head-to-desk caliber stupid. I absolutely do not think they are stupid..."

I disagree.

I may be wrong but their operating philosophy suggests to me that they are face-palm stupid ..... or perhaps they are simply too full of themselves. I've witnessed this type of conduct a number of times over the years in programming and IT.

Well, that's exactly the sort of thing that we as a community need to investigate further. Maybe there are easy rate limiting mechanisms that can be integrated into many standard server-side configurations? Or inserting enough captchas, or making people login, or requiring their account to have sufficient reputation, or using the anonymous credential systems I describe, etc.

In short, it's the "that couldn't be blocked differently" part that I question. I'm not saying you're doing your job badly, but I think nobody's looked at this area enough to be able to make definitive statements like that one, and it sure would be nice if we could make some of the solutions I described more intuitive and easier to deploy.

Tor could indeed do the client-side rate limiting you describe. In fact, we could do rate limiting per circuit at the exit relays. But I'd much rather have an application-level solution to the application-level problem, rather than furthering the assumption that so many people have that network addresses are the right level for doing abuse control.

Seth Schoen

August 31, 2014


I'm a bit confused about the statement

a growing number of websites treat users from anonymity services differently. Slashdot doesn't let you post comments over Tor, Wikipedia won't let you edit over Tor, and Google sometimes gives you a captcha when you try to search

since it is followed by

Simple technical approaches include "you can read but you can't post" or "you have to log in to post".

which seems to condone what was condemned at first.

Also, are CloudFlare and Akamai doing anything to hinder Tor users from the sites they are protecting? Or is the article merely referring to the possibility?

Well, those simpler approaches are way better than doing nothing at all, but I'd sure like to see some solutions for the Slashdot and Wikipedia cases that don't involve keeping those sites read-only for Tor users.

Cloudflare sometimes inserts captchas, and sometimes just gives back failures, but from what I can tell most of the time it works smoothly. I don't know if those are accidents and they notice and fix them, or if they're accidents and they don't even notice, or what.

I've talked to some of the Akamai engineers -- they're all about scalability and laugh at the idea that the load from Tor could be a big deal compared to the load they already see from the rest of the Internet.

So in that sense the centralization is a good thing so far, since it means these larger companies actually have engineers who think about the issues and try to find the right balance.

Seth Schoen

August 31, 2014


how about hiding the list of exit nodes so tor cannot be blocked? you could give them to clients like you do with bridges. i guess it would take away some of the safety features for exit node operators. but what would you do if your_dictatorship_country decides that instead of blocking connections from clients to the tor network, they could just block connections from tor exit nodes to servers inside their country?

I'm pretty sure that nobody would be prepared to run an exit node if they were secret. In any case, tor clients need to know where the exit nodes are so that they can build circuits to them.

Most censors are primarily concerned about their own people viewing banned sites; they don't care about foreigners viewing local sites.

The problem is that the users need the list of exits to be able to choose the exits to route through. This is needed for anonymity reasons; otherwise the person who told you about the exit can possibly correlate traffic from that exit to you.

Currently, the Tor Project does provide a list of exits which some blacklist providers probably block. But, it is probably best to continue doing this as some of the blacklist providers might create their own Tor blocking methods if this list disappeared. And if that happened, a mistaken implementation might block traffic from the middle nodes too, harming access for those relay operators (assuming they run their relay from the same IP they use for other traffic).

So, it is probably best that the Tor Project maintains this list. Besides, it is also a good way to maintain community relationships because developers have an easy way to block Tor if it is causing a problem rather than being victimized by anonymous traffic. Also, this list is critical for enacting mitigation on a selective basis (i.e., being able to view but not post).
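The selective mitigation this comment describes (view but not post), combined with the per-account rate limiting raised earlier in the thread, as an added example that is not part of the original comments or any project's code. The list format, the `decide` function, the bucket parameters and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample list, one address per line (documentation ranges only);
# it stands in for the published exit list the comment mentions.
SAMPLE_EXIT_LIST = """# constructed sample
192.0.2.10
198.51.100.7
2001:db8::5
"""

def normalize(ip_text):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches a.b.c.d."""
    addr = ipaddress.ip_address(ip_text.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def load_exits(text):
    lines = (l.strip() for l in text.splitlines())
    return {normalize(l) for l in lines if l and not l.startswith("#")}

class AccountBucket:
    """Token bucket keyed by account name, not by network address."""
    def __init__(self, capacity, refill_per_sec):
        self.capacity, self.refill = capacity, refill_per_sec
        self.state = {}  # account -> (tokens, time of last update)

    def allow(self, account, now):
        tokens, last = self.state.get(account, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        ok = tokens >= 1
        self.state[account] = (tokens - 1 if ok else tokens, now)
        return ok

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def decide(method, client_ip, account, exits, bucket, now):
    """Return 'allow', 'login_required' or 'rate_limited' for one request."""
    if method.upper() not in WRITE_METHODS:
        return "allow"                      # reading stays open to everyone
    if normalize(client_ip) not in exits:
        return "allow"                      # non-exit traffic: unchanged
    if account is None:
        return "login_required"             # anonymous write from an exit
    return "allow" if bucket.allow(account, now) else "rate_limited"
```

Because only listed exit addresses are matched, a middle relay's address is treated like any other client, and the abuse limit follows the account rather than the shared exit address.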

One point that many people seem to miss is that the Tor Project has a social policy agenda intertwined with the technical one - and the former supports the latter. This is indeed the reason for Tor's greater level of success versus other well-known (or less well-known) anonymity systems. A feedback loop is formed between the non-clandestine nature of the network, TPO's promotion and advocacy of responsible network usage, and the provision and expansion of the network itself. (Somebody should write a paper on this, and credit me as "Anonymous".)

Some people need a deeper level of anonymity (rigorously stated: an anonymity set larger than and/or disjoint to "all Tor users"). This remains a difficult problem except, unfortunately, for criminals who are willing and able to use compromised systems. Non-criminals who want or need anonymity don't currently have too many good choices besides Tor.

you are wrong:

We can't help but make the information available, since Tor clients need to use it to pick their paths. So if the "blockers" want it, they can get it anyway. Further, even if we didn't tell clients about the list of relays directly, somebody could still make a lot of connections through Tor to a test site and build a list of the addresses they see.

you are wrong. you can hand them out like you do with bridges. enumerating them will be hard.

If people want to block us, we believe that they should be allowed to do so. Obviously, we would prefer for everybody to allow Tor users to connect to them, but people have the right to decide who their services should allow connections from, and if they want to block anonymous users, they can.
Being blockable also has tactical advantages: it may be a persuasive response to website maintainers who feel threatened by Tor. Giving them the option may inspire them to stop and think about whether they really want to eliminate private access to their system, and if not, what other options they might have. The time they might otherwise have spent blocking Tor, they may instead spend rethinking their overall approach to privacy and anonymity.

if you give people the possibility to block tor they will do exactly that. they have no reason to care or think about anything. the number of tor users is not enough. also this does not answer
but what would you do if your_dictatorship decides that instead of blocking connections from clients to the tor network, they could just block connections from tor exit nodes to servers inside their country? ("your_dictatorship" got stripped out because it contained some special characters)

Seth Schoen

August 31, 2014


TOR should try to get support from big companies like Google and others to run relays or offer their services from inside the TOR network. With backup from big business things should go easier especially if it comes to political topics.

So TOR needs a special Team to mobilize support from big corporations. Perhaps Banks (If you tell them that TOR is a good way to secure their internal communications against attacks).

Except it wouldn't be a good way to secure their internal communications, it would be passing their internal communications around globally. While they might be encrypted, it's safer to use an alternative that doesn't expose secure data at all.

While logical, I can't say I agree at all. Being eventually bought out by google - or partnering for what is essentially a monopoly like the coupling of eBay and PP while highly profitable only invites hidden agendas and corruption which while individual criminals may utilize the TOR network, that is nothing in comparison to what I feel is sneaky business practices and big money simply eliminating and taking over the competition. TOR is a beautiful thing and by now, I pretty much believe google is in cahoots with the NSA despite their claims. Again, conspiracy theory but after so many years of them collecting data and never purging it, surely there is something more sinister at work. Corruption is rampant at any corporation if you are privy to it and/or pay close enough attention from the inside - it's simply the way things are. Money breeds money and the classes (lower, middle and upper) never seem to change.

I can't speak for the success of user based funding and what once made Wikipedia a remarkable venture with all contributors feeling a valuable part of the project... yet I along with everyone else couldn't ignore when they began begging for donations.

One idea could be a subscription based enhanced TOR for at least future users since you'd not want to take anything away from those who have been here all along and would want to quietly grandfather them in if TOR made some feature available through a nominal fee... unless some added feature that was highly desirable could be offered as a Pro version versus the ever free version.

Back to making it more of a social movement, costs could logically go down with the more willing to piecemeal some of the work utilizing their individual talents for the simple reason of feeling a part of something special. If google or yahoo or any majorly commercial giant asked me to do their work, I'd be appalled. Yet if I could help something I value as I do like TOR, I wish I knew how to help. The loyalty factor and being part of something people really need and covet goes a long way. Even if it's not nearly as fast or clean so far for me, I value the concept over those slight annoyances. My interest in TOR pretty much cancels out any frustration as I understand it's an evolving system with capabilities that make using it invaluable.

It will sell itself now that people are worried about their privacy since the lack of privacy can no longer be denied. I think it's simply a matter of getting the word to everyone using the RIGHT approach. How to present it other than just the original and go-to best option for proven and invaluable private internet usage is what I think will be a decisive factor. Then again the privacy factor alone might be everything that it takes to bring the numbers.