Date: Mon, 16 Mar 2015 16:48:07 -0700
From: Dave Warren <davew@hireahit.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Are webmail providers biased against Tor?

On 2015-03-16 16:01, Richard Leckinger wrote:
> I think 'track record' is the relevant point. Everywhere is suspicious 
> until you have a track record of accessing google from there. Tor by 
> design is meant to prevent any track record from developing. 

The fact that you're constantly accessing Google from an otherwise 
totally clean and featureless browser itself is a fingerprint that 
Google could act upon, and "Tor exit node" could be treated as a 
"country" like any other. Even if they can't separate you from other Tor 
users, it's potentially just as significant as a fingerprint like 
"Accesses NY, NJ frequently from each of the four largest providers' 
dynamic IP ranges, and does not retain cookies".

However, the reality is that the rate of abuse from anonymous sources 
will naturally be much higher, and as a result, it does make sense to 
treat such connections with a higher level of suspicion.

A few weeks ago I ran a query against some server logs which were fed
from SMTP, POP3, IMAP and webmail authentication attempts against a
DNSBL (torexit.dan.me.uk, I think?) that lists Tor exit nodes. There
were tons of unsuccessful authentication attempts coming from Tor exit
nodes, while there were zero successful authentication requests in the
time period studied. Many of the IPs were doing obvious dictionary
attacks, trying many thousands of attempts (with the IP itself being
locked out completely after just a few minutes). Based on this limited
analysis, it would make a lot of sense to block Tor completely since I
don't have any legitimate traffic from Tor. Various other countries
would meet these same criteria. However, I don't like to block this
indiscriminately.

I'm sure Google's scale means that there are a lot more legitimate
Tor users than I have, but just the same, it's quite reasonable to treat
Tor traffic with a higher level of suspicion -- it's not about bias
against Tor, or against Tor users, or even a dislike of Tor, but rather,
it's the fact that a higher percentage of abuse comes from Tor than from
most other sources, even when you take the percentage of legitimate
traffic into account. The fact that Tor, by its privacy-centric nature,
makes it more difficult to use other fingerprinting techniques to sort
out legitimate users means that good users get lumped in with the bad
automatically.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
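
The kind of log query described in the message above, as an added example that is not part of the original post or the author's own tooling: it tallies authentication results by whether the source IP is listed in a Tor-exit DNSBL. The log line format, the sample lines, the stub resolver and the "listed addresses resolve" convention are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

DNSBL_ZONE = "torexit.dan.me.uk"  # zone the message names (tentatively)

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL lookups use the octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    return ".".join(reversed(octets)) + "." + zone

# Hypothetical log format; every line below is constructed sample data.
LINE_RE = re.compile(
    r"^\S+ (?P<svc>smtp|pop3|imap|webmail) auth=(?P<result>ok|fail) "
    r"user=\S+ src=(?P<src>\S+)$")
SAMPLE_LOG = """\
2015-03-01T10:00:01 imap auth=fail user=alice src=198.51.100.7
2015-03-01T10:00:02 imap auth=fail user=bob src=198.51.100.7
2015-03-01T10:00:03 pop3 auth=fail user=carol src=198.51.100.7
2015-03-01T10:01:10 webmail auth=ok user=alice src=192.0.2.10
2015-03-01T10:02:30 smtp auth=fail user=dave src=203.0.113.99
2015-03-01T10:03:00 smtp auth=fail user=alice src=192.0.2.10
"""

# Constructed stand-in for DNS: the set of query names that would resolve.
# Live use (assumption: listed addresses resolve, unlisted ones do not) would
# pass a function that wraps socket.gethostbyname and catches socket.gaierror.
STUB_LISTED = {dnsbl_query_name(ip) for ip in ("198.51.100.7", "203.0.113.99")}

def summarize(log_text, resolve):
    """Return (totals by (origin, result), failed attempts per listed IP)."""
    listed, totals, failures = {}, Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        src, result = m["src"], m["result"]
        if src not in listed:
            try:
                listed[src] = resolve(dnsbl_query_name(src))  # one lookup per IP
            except ipaddress.AddressValueError:
                listed[src] = False  # IPv6 or malformed: not checked here
        origin = "tor" if listed[src] else "other"
        totals[(origin, result)] += 1
        if listed[src] and result == "fail":
            failures[src] += 1
    return totals, failures

if __name__ == "__main__":
    totals, failures = summarize(SAMPLE_LOG, STUB_LISTED.__contains__)
    print(dict(totals), failures.most_common())
```

Comparing the ok and fail counts per origin is what supports a decision between blocking, rate limiting, or extra verification for listed sources.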



