Delivery-Date: Thu, 31 Mar 2016 14:04:50 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 155121E0AE7;
	Thu, 31 Mar 2016 14:04:49 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1B07839B6A;
	Thu, 31 Mar 2016 18:04:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 97C70388F1
 for <tor-talk@lists.torproject.org>; Thu, 31 Mar 2016 18:04:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id WSsYjVO3aaJS for <tor-talk@lists.torproject.org>;
 Thu, 31 Mar 2016 18:04:40 +0000 (UTC)
Received: from continuum.iocl.org (continuum.iocl.org [217.140.74.2])
 by eugeni.torproject.org (Postfix) with ESMTP id E8B52383C4
 for <tor-talk@lists.torproject.org>; Thu, 31 Mar 2016 18:04:39 +0000 (UTC)
Received: (from krey@localhost)
 by continuum.iocl.org (8.11.3/8.9.3) id u2VI4ZJ11723;
 Thu, 31 Mar 2016 20:04:35 +0200
Date: Thu, 31 Mar 2016 20:04:35 +0200
From: Andreas Krey <a.krey@gmx.de>
To: tor-talk@lists.torproject.org
Message-ID: <20160331180435.GA20480@inner.h.apk.li>
References: <20160330132105.GA8024@lapsedordinary.net>
 <20160330150151.GD3164@riseup.net> <56FC34BD.9070808@gmx.com>
 <20160331052504.GA13693@inner.h.apk.li> <56FD4FEC.1040903@gmx.com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <56FD4FEC.1040903@gmx.com>
User-Agent: Mutt/1.4.2.1i
X-message-flag: What did you expect to see here?
Subject: Re: [tor-talk] CloudFlare blog post
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Thu, 31 Mar 2016 11:27:24 +0000, Joe Btfsplk wrote:
...
> >What I wonder is how they want to make a difference using .onion addresses
> >for their customers - tor crawlers can take that redirect just so.
> Andreas, sorry - don't understand part of your comment.
> "It would be quite a lot of effort to do... *what?*... this way... - 
> sorry, it won't work any better."

They said that automatically providing cloudflared sites with
onion addresses would make it easier to detect nonmalicious
tor use, but I wonder why they expect that the bad guys don't
immediately use the onion instead of the plain site as well.

...
> I've seen Cloudflare on low value target sites, like wood screw mfg info 
> sites & similar.  Unless other screw mfgs are sabotaging them, I doubt 
> much malicious activity is directed at such sites.

This is simply the default setting, I guess. CF isn't just
a abuse shield, it is first a CDN. There are sites where
there is nothing relevant to harvest, and there are sites
where there is, but they all use couldflare for different
reasons, and get the scraper protection for free, and not
necessarily on their intention.

> 94% is saying essentially ALL Tor traffic / requests are "per se" 
> malicious or use inordinate amt of resources.  That leaves me & 6% of 
> users that aren't.

Users != Traffic.

> Maybe ? he's counting crawler *individual* requests - page by page - as 
> malicious?  They might make many more requests than real users, thus the 
> 94% claim?

Quite probably.

...
> His statement(s) & reasoning about blocking Tor still seem strange.  As 
> they say, "follow the money trail."  "Money trumps all other reasons / 
> motives."

Tell that the authors of the software this mailing list is for.

> I still say trackers aren't going to pay sites for TBB traffic. Don't 
> say, "You're using Tor - get lost" - bad for public relations.  Instead, 
> play dumb & covertly discourage (some) Tor users  - so they access the 
> site w/ unhardened browsers.

Tracking is not cloudflare's business, it's the business of the site owner.

> Can't sites tell the difference in actions of crawlers & real users?

Not as easily as just using cloudflare as a front. Heck, my colleague
has cloudflare in front of one of his sites, even though there was
probable more traffic for setting that up than the site on a good day.

> I'm sure some use browsers other than TBB for crawling & malicious 
> activity.  Can't sites block / time-out crawlers from continuing to 
> access entire site, once it becomes apparent - regardless of which browser?

Yes. That would lock out the entire exit, and with the crawling
density this apparently basically never gives tor users access.

This is also what cloudflare does, just over longer time, and
giving a captcha instead of an reject.

> I get "time outs" from making 2 very narrow term searches in < 2 min. or 
> so, on some sites I'm registered on & participated - for a long time.
> Why can't sites do the same w/ crawlers' rapid, repeated requests?

Crawlers would immediately get smart and stretch their requests out?

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

