Delivery-Date: Wed, 30 Mar 2016 11:02:06 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C65DB1E052C;
	Wed, 30 Mar 2016 11:02:04 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 07E1D39611;
	Wed, 30 Mar 2016 15:02:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EE736387D0
 for <tor-talk@lists.torproject.org>; Wed, 30 Mar 2016 15:01:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tV8Csd41Fp8L for <tor-talk@lists.torproject.org>;
 Wed, 30 Mar 2016 15:01:55 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id CE9CE23900
 for <tor-talk@lists.torproject.org>; Wed, 30 Mar 2016 15:01:55 +0000 (UTC)
Received: from cotinga.riseup.net (unknown [10.0.1.164])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id A82C51A7A76
 for <tor-talk@lists.torproject.org>; Wed, 30 Mar 2016 15:01:52 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: phw)
 with ESMTPSA id 4CCBB40146
Date: Wed, 30 Mar 2016 11:01:51 -0400
From: Philipp Winter <phw@nymity.ch>
To: tor-talk@lists.torproject.org
Message-ID: <20160330150151.GD3164@riseup.net>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <20160330132105.GA8024@lapsedordinary.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20160330132105.GA8024@lapsedordinary.net>
X-Virus-Scanned: clamav-milter 0.99 at mx1.riseup.net
X-Virus-Status: Clean
Subject: Re: [tor-talk] CloudFlare blog post
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, Mar 30, 2016 at 01:21:05PM +0000, Martijn Grooten wrote:
> CloudFlare CEO Matthew Prince just posted this blog post
> 
>   https://blog.cloudflare.com/the-trouble-with-tor/  
> 
> which I think is worth a read for people on this list.

My blog comment is still awaiting moderation, so I'll post it here too:

---
I don't see any mention of a client-side PoW scheme in the draft, which
may be good because it seems difficult to discourage attackers
sufficiently while not inconveniencing users too much.  See also:
<https://www.cl.cam.ac.uk/~rnc1/proofwork.pdf>

I am also skeptical about the sentence "Based on data across the
CloudFlare network, 94% of requests that we see across the Tor network
are per se malicious."  I would really like to hear about the method you
used to get to that number and what, exactly, you classify as
"malicious."  For example, for how long did you observe requests coming
out of the network? After all, you justify the use of CAPTCHAs with this
high number, so it would be great if we could all verify the problem.

I also wonder how effective your CAPTCHAs really are.  Deep learning
techniques suggest that bots are about to become just as good, or even
better, at solving CAPTCHAs than people.  Therefore, I wonder if a long
term solution should also center around the question if the distinction
between people and machines is still meaningful.

Still, thanks for trying to improve the situation.
---
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

