Delivery-Date: Thu, 31 Mar 2016 15:36:23 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 17EBE1E0B86;
	Thu, 31 Mar 2016 15:36:21 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6532439CD4;
	Thu, 31 Mar 2016 19:36:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 77A0538938
 for <tor-talk@lists.torproject.org>; Thu, 31 Mar 2016 19:36:13 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id t_jAo1dWCPQP for <tor-talk@lists.torproject.org>;
 Thu, 31 Mar 2016 19:36:13 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 0A82233A72
 for <tor-talk@lists.torproject.org>; Thu, 31 Mar 2016 19:36:12 +0000 (UTC)
Received: from [192.168.2.60] ([99.190.181.188]) by mail.gmx.com (mrgmx101)
 with ESMTPSA (Nemesis) id 0M1BMy-1ZsmNz2XQ8-00tEQI for
 <tor-talk@lists.torproject.org>; Thu, 31 Mar 2016 21:36:08 +0200
To: tor-talk@lists.torproject.org
References: <20160330132105.GA8024@lapsedordinary.net>
 <20160330150151.GD3164@riseup.net> <56FC34BD.9070808@gmx.com>
 <20160331052504.GA13693@inner.h.apk.li> <56FD4FEC.1040903@gmx.com>
 <20160331180435.GA20480@inner.h.apk.li>
From: Joe Btfsplk <joebtfsplk@gmx.com>
Message-ID: <56FD7C22.9080603@gmx.com>
Date: Thu, 31 Mar 2016 14:36:02 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20160331180435.GA20480@inner.h.apk.li>
X-Provags-ID: V03:K0:VdF8/YRBVaqUkBTWVPgH0ESIoaNMhAfi52Ih/1VNZ9qc/cqB8A1
 gxU+YF7TzZjcpabByT3ZYvIjqXAV/Fug5Ah/+ppxDT8ksXLnMEZE7DBjhF3pM1NuY+u5+O0
 gK7z0qAp6VKoV/VlcPnCl5Dx12C705o6zpERdNAEXEfy9oMNwX+IMdhINPHEdvd/aMZpjQs
 3XWR3VRVzcw6gjzQOtC+Q==
X-UI-Out-Filterresults: notjunk:1;V01:K0:vQgCuEewkSU=:4lbiqZN8aTfLGo3WDTcPw6
 qXp5yLBdLdPmKIPW5czhbwxxAK5kFC9xnP+4thj1hatn5bxFPsKXFWTkDtHLW5mBRjNQu6NJZ
 zY68TgYJ3cnzIjOKHYoyYRN/gVNgMbKRbKATFJQ+0xtp6UjfPA0MaTAp3rM6uv7q4q9LMbTmE
 LF9lA8YAe/SO9ChRlo5DuSifIvqAKOtL0p8Ikv/d1aQBf0VeqZKcndakIx5E3HsSa0ilowunT
 nzBYIvw9kGb8dWemMsYopB8jRqFqt9nuhBzVRru87fnnjQf34T0BEqcC14wPV8fFCGPdk39w/
 nvMvFzAvCCNjFKkq50zx6s79iuKWVxxibzKo8c4cfL49MIeGEt7vNreVaqhfxj6UXIqVrPnq9
 2ZHwtckA99DRl4nLesUjvBw2oV7NI1s9H8BLZRugIuZLOnOjf3s5J533Be+DxINXTlTjKobjY
 568PuKzavV68jTo03Bua5Ea1FCyF4TCWbFFuzkUPUuuqrwW4cyM+G2FBIBJsH2XAyjMjZJ7uU
 k2Fu/m4LUw3y2tu4Yobazwttx7HgBpmGvmDT2yhRi7BOa5BDsHYElbx6OKCfK+3AAmMpqT4pX
 MTfXIMuihV5XxNXo7PzApDmvP0jVTIpjEN76+Qpz1GO7I/Flu+XV6M51sngUk5Z91WABT8ruM
 EZbZ5/hhs4DpMKm+HaYqrlUcG5bPYX2FACKXsEk5/BVyjLoEc2gkcvEdjY843WLHRo5m495SQ
 JNNe510B2kdjJo6yrc/Ga5xytznSBOaMx/US67I4IqZQtSGHkji8hMqBxvduLnJzx9/XbBTEF
 Fw0bX+t
Subject: Re: [tor-talk] CloudFlare blog post
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 3/31/2016 1:04 PM, Andreas Krey wrote:
> On Thu, 31 Mar 2016 11:27:24 +0000, Joe Btfsplk wrote:
> ...
>
> They said that automatically providing cloudflared sites with
> onion addresses would make it easier to detect nonmalicious
> tor use, but I wonder why they expect that the bad guys don't
> immediately use the onion instead of the plain site as well.
I don't see how bad guys just wouldn't adapt.  They always do.
> Users != Traffic.
Yes - what does that have to do w'/ Cloudflare blocking Tor?
>
>> His statement(s) & reasoning about blocking Tor still seem strange.  As
>> they say, "follow the money trail."  "Money trumps all other reasons /
>> motives."
> Tell that the authors of the software this mailing list is for.
Tor is non-profit.  They also don't use trackers.  It's different with 
For-profit sites.
> Tracking is not cloudflare's business, it's the business of the site owner.
Yes & no.  It's the business of the trackers, who pay the sites.  Some 
sites need / want help rejecting "unprofitable" users / traffic, that 
trackers won't pay them for. e.g., by using Cloudflare's unsolvable 
captchas to exclude Tor users.
How did Google became the giant it is?  By NOT collecting data, tracking 
users - not using it for advertising or selling the data? Tracking users 
& collecting data, building profiles is huge business.
TBB makes that much harder.  It's not hard to conclude that's why some 
sites don't want TBB users taking resources, though not the only reason 
they may have.
>> Can't sites tell the difference in actions of crawlers & real users?
> Not as easily as just using cloudflare as a front.
Exactly my point.  Maybe you got that & were reinforcing it?  If some 
sites didn't want to exclude TBB, they wouldn't allow Cloudflare serving 
unsolvable captchas.
If they're serving the same unsolvable captchas to *all* browsers, they 
wouldn't have any traffic.

Maybe Tor devs could meet w/ some of the sites and / or Cloudflare, to 
see actual data showing 94% of Tor traffic malicious.
And see if it's remotely possible to do anything about it.  Or, if it's 
just a made up number & not the real reason Cloudflare is blocking Tor.  
Because I'm not sure the problem will go away anytime soon.

We could file a class action suit for discrimination against "freedom to 
choose a browser."  I think it's in the constitution.
> Crawlers would immediately get smart and stretch their requests out?
>
>
Yes, but once a site detects crawlers repeatedly trying to access far 
more content than most any real user, they could put a halt.
But if an exit has 1 crawler & 99 real users, the whole exit gets 
blocked.  Unless the site / Cloudflare - whom ever - uses finer 
detection (fingerprinting, etc.) to block only certain requests from an 
exit - if that's possible.
I doubt they want to go to the trouble, as TBB users hurt their business 
anyway, from a tracking stand point.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

