Delivery-Date: Tue, 26 Jan 2016 04:58:57 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3D3C51E02B8;
	Tue, 26 Jan 2016 04:58:55 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 807082474F;
	Tue, 26 Jan 2016 09:58:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C9DA422061
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 09:58:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 3Pno29SaCjCJ for <tor-talk@lists.torproject.org>;
 Tue, 26 Jan 2016 09:58:47 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 8F10321655
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 09:58:47 +0000 (UTC)
Received: from cotinga.riseup.net (unknown [10.0.1.164])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id A6C511A1BDC
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 09:58:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1453802318; bh=X6hLWz6k0DuNxWkC15BBQsRCnWr3tU1dJzk2eBzlZYI=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=sIy8xMm65mtx/TQtnep55htlCHKXAf40mc9s16Q4uFl/rTHvf/AJ+2S0Gz6QM6Wl9
 zPT35HdR0aDukpjZPtSXJwtv8PUMindEJybcVL1DrIr/BfUb3CjhHhSs/rp49AMHbD
 Z0p84PJmS2e5tORYo3e0kbFuUQ7tFn1iY4b46HV8=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: pickfire) with ESMTPSA id 3C27940133
Date: Tue, 26 Jan 2016 17:58:31 +0800
From: Pickfire <pickfire@riseup.net>
To: tor-talk@lists.torproject.org
Message-ID: <20160126095831.GA28447@alarmpi>
References: <1484141453752577@web9h.yandex.ru>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1484141453752577@web9h.yandex.ru>
X-Info: Keep It Simple, Stupid.
X-Operating-System: GNU/Linux, kernel 4.1.16-1-ARCH
X-Message-Flag: WARNING!! Outlook sucks
X-PGP-Key: http://keys.gnupg.net/pks/lookup?op=vindex&search=pickfire+<pickfire%40riseup.net>
User-Agent: Every email client sucks, this one just sucks less.
X-Virus-Scanned: clamav-milter 0.98.7 at mx1.riseup.net
X-Virus-Status: Clean
Subject: Re: [tor-talk] A multi-layer proof of work system to solve the
 Tor/CloudFlare problem?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, Jan 25, 2016 at 09:09:37PM +0100, Cain Ungothep wrote:
>> That way a normal web client, normally browsing a website, would not be
>> impacted from end-user experience, but any automated system (the ones causing
>> problems to Cloudflare)
>
>Why can't people separate Tor from Tor Browser in their minds?  Tor is a
>network transport.  Not all Tor users are lusers sitting behind Tor Browser,
>clicking things.

Nice speech, I don't use Tor browser, I use Tor for almost every
application. I would like to automate a link checker for it, but the
useless Cloudflare broke my script to check broken links.

>For example I have a system-wide Tor daemon, and I use it for a variety of
>different non-interactive things, like news reader updates, automatic source
>code fetches, web-api-related requests, and other cronjobs.  I am not the only
>one.  Shitflare also affects completely reasonable automatic non-interactive
>uses like that.

I do that too, I use Tor for news reader, email client, lightweight
browser, almost everything use Tor, I just don't use transparent
torification for it, I considered it problematic.

>In fact the Great Firewall of Shitflare completely fucks every hope of
>composability of their clients' web sites.

There is a work to get around that, I plan to do an application to solve
those captcha either by using audio captcha or the picture, there is
actually some ways to solve, I just haven't got the idea yet. (Note:
Those captcha is solve-able by machine not human, it is too hard)

>> At that stage Cloudflare, instead of using a Captcha, could also
>> implement an independent Javascript Proof of Work system,
>
>No.  Javascript in the browsers is shit. Shit for security, shit for privacy.
>I consider requiring Javascript for fundamental functionality an affront.

I have no comment for Javascript, Tor browser disable that by default,
but I use javascript most of the time.

>> Maybe it's a bad idea, but the key to be addressed is imho:
>> - reducing the automated attacks from Tor netwok by increasing it's
>> costs while leaving intact the end-user experience on Tor Browser

They can actually not use Tor and instead use botnets, botnets is better
and a lot faster than Tor.

-- 
 _____________________________________
< Do what you like, like what you do. >
 -------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

