Delivery-Date: Fri, 13 Mar 2015 01:30:26 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id CCF3F1E02C4
	for <archiver@seul.org>; Fri, 13 Mar 2015 01:30:23 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 368A633DD3;
	Fri, 13 Mar 2015 05:30:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 446F633DC7
 for <tor-talk@lists.torproject.org>; Fri, 13 Mar 2015 05:30:16 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id kfmvAEs59oUG for <tor-talk@lists.torproject.org>;
 Fri, 13 Mar 2015 05:30:16 +0000 (UTC)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com
 [IPv6:2607:f8b0:4001:c03::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 1E55E33DBE
 for <tor-talk@lists.torproject.org>; Fri, 13 Mar 2015 05:30:16 +0000 (UTC)
Received: by iecsl2 with SMTP id sl2so83713691iec.1
 for <tor-talk@lists.torproject.org>; Thu, 12 Mar 2015 22:30:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=RWrnt61tkeD+z0zD9/eyOVvIREUqHnHdpoJcXxfQq/A=;
 b=Cz9Np/68j5ShHBiD+urKLScDR2hEdCmNzA8WSZHCeypGzzDAc8nS0V2l19JBCsyp+8
 ZhEefxGa7PwFjhX+aXAjVQ6gbBSf9Az5bdM9hQKjqzSYBHwJhYtHaOBn/XGgd33/r8M5
 Mt1IRoUauP3egB5XhOP42YwA5eeFOKmOz7tmHbFp3FCmG+EI98u62zuVGMYj83O0z6h/
 N1Kks0Hkzn8gwzDAJkeIrKII+HN8ImI2lZQGbkgn+bRfCbz4FcHHjzAL3Y3V+dbaacDM
 ghK4VkU0/NulEyzMhjEdEuIxApLzJHnI/pe/xMcSfukebfobH4EvBgOHHgHqQcW6Y+2u
 pwBQ==
MIME-Version: 1.0
X-Received: by 10.107.7.141 with SMTP id g13mr45651658ioi.52.1426224613762;
 Thu, 12 Mar 2015 22:30:13 -0700 (PDT)
Received: by 10.36.104.78 with HTTP; Thu, 12 Mar 2015 22:30:13 -0700 (PDT)
In-Reply-To: <54BFFD60.5010106@hireahit.com>
References: <CAD2Ti2-Jb4SJ7v+A_L9As5-x=H8oK4nBHG5mghkZqD5eBQybSA@mail.gmail.com>
 <54BDE833.30503@mykolab.com> <op.xsqyi4ogbgbjo9@work-pc.lan>
 <54BEC57F.7020705@umail.iu.edu> <op.xssa5g1jbgbjo9@work-pc.lan>
 <54BFFD60.5010106@hireahit.com>
Date: Fri, 13 Mar 2015 01:30:13 -0400
Message-ID: <CAD2Ti28Hd6sq2Q9-QJFJQmsfD1KFdPNz=ZQihDdBiy1APi1U8A@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Craigslist now blocking all Tor IPs? Template for
	anyone:
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Comment mashup...

> I think Yelp blocks Tor for a similar reason to why Craigslist blocks
> Tor -- their value-add is their web pages, and if their competitors
> "steal" their web pages, they've got nothing else.
> That kind of business model leads to jealously guarding all of their
> pages from being crawled or otherwise viewed en masse -- which in turn
> leads to being angry and bitter at every new Internet technology.

Craigslist is relatively unusual in that they do not require an
account to view and reply, or even to post (that is, if users can
figure out what they mean by not needing an account). There is merit
in that usage model.

I'd be curious to know if they're using any antispam discriminator
engines, markov windows, adaptive statistical, bayes, etc. Those
combined with user ham/spam/moderation and captcha seem pretty
efective in email. No reason they can't be applied by typical site
operators whining about "comment spam".

Blocking IP's and phones and emails seems the cheap way out, as
opposed to integrating real protections in depth. To be expected
with todays silly startup business models where everything is an
afterthought.

> If someone logs into Yelp as the business owner and as a reviewer
> from the same IP, they would make such review "not recommended"
> (previously they made it "hidden" and protected with captcha). And
> possibly flag the whole business as suspect for writing false
> reviews. Yelp also sends businesses monthly reports

So when a restaurant has a single external IP rigged into its back
office, floor systems, and free wifi for patrons (a very common
architecture)... yeah, that makes a lot of sense... not.

> with new IP address in numerous cities all over the globe in a
> matter of minutes

> tough to make cloud IPs look and act the same as residential IPs

Tor enables global access for research, that's a good thing. Another
thing Tor users are doing is bravely pushing legal boundaries with
residential exits. Hopefully someday this will result in no more
raids based on silly internet packets.

> Tor exit nodes, on the other hand, have a lot of human shields
> using them too, so it makes it a lot harder to narrow down a
> specific "bad actor" without also hitting actual users.

Good, maybe then we can get the world off the "IP = user" mentality,
while gaining all this human legitimacy to Tor network thus making
people think twice before blocking it.

> It used to be that craigslist page loads via Tor were just painfully
> slow, which could have been a rate limiting strategy to combat
> scrapers, now they just ban it all together.

At the moment, no, not entirely.

The thing with the various unpublished blocking methods of various
websites is that legitimate users don't know how to fit in as good
and privacy conscious participants. Are they supposed to buy a new
phone every month? Stay in a certain city? Etc. Illegit users will
figure all this out. But it's harmful and expensive for the legit
ones who login the next day to only to find some unwritten automaton
rule wiped them out. And with CL, they completely ignore your
inquiries.

> I'm curious why Craigslist doesn't just sell their listing data via
> API access to companies like Padmapper, that would be a win-win.

They're probably worried about dilution. Has Craigslit ever sued
any other sites that have a similar listing model?

> Because they're actively hostile to creating a better user
> experience.

Craigslist seems a bit weird with their users, philosophy, and tech.

> I am a bit mixed about whether reducing anonymity is a good thing
> or not for a site that is ultimately centered around people
> interacting in real-life.

Reducing anonymity is definitely not good. The only one who can
truly look out for you is you. The phrase "911 is a joke" exists
for a reason. When you realize this, and begin to develop your own
strength, all of a sudden your own anonymity becomes paramount and
integral to that such that you are willing to accept the other side
having it too. It is one of the great equalizers, with it no one
can rule over you. And "data" wise, certainly not unjustly behind
your back without your consent. Phrase "buddy system" also exists
for reason.

> [blocking yields] massive collateral damage to privacy seekers though.

You want damage? How about another form of human rights abuse?

One thing their users do not know is that Craigslist keeps every
single post that has ever been posted on their site forever. Knowing
them, you could assume that means not just the text of post content,
but all the post pictures, related email addresses and phone
numbers... and all the relayed email content as well.
Given all the categories of posts and replies their users make,
this is a thoroughly dispicable invasion of personal privacy...
there is absolutely no legitimate reason for it whatsoever... and
their users are completely unaware that it is going on. That's bad.


Anyway, as far as blocking legitimate Tor users goes, regardless
of who is doing, there's a project here where Tor users are developing
rising up and taking action to make themselves and their wishes
known... but it doesn't appear a lead has been taken on that yet:
https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
https://trac.torproject.org/projects/tor/wiki/org/projects/DontBlockMe

> It would be interesting to know if sites like Yelp/Craiglists are
> more afraid of anonymity and possible spam/trolls than crawlers.

Most internet companies are headquartered in big cities where there
are also a lot of Tor users. I'd suggest some of those users get
together to develop a list of interview questions, viewpoints and
examples... and then take an afternoon to go visit the companies
in person to exchange ideas.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

