Changes between Initial Version and Version 1 of Ticket #18361, comment 103


Ignore:
Timestamp:
Feb 24, 2016, 5:29:45 AM (4 years ago)
Author:
kbaegis
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #18361, comment 103

    initial v1  
    11> > Finally, I'd invite you to revisit the key point here, which is that  your product line makes Tor unusable by many users who still want to  browse the web anonymously.  I understand that your company has a goal.   In this specific context, the busi ness goals are causing a legitimate  harm to web users and this is something that I suggest you revisit more  broadly within your organization.  Surely !CloudFlare has technical  expertise that extends beyond "Let's fix that with captcha" and there  are probably (from an engineering perspective) better ways to solve both  the problems of DDoS and spam than authenticating every single session.   
    2 > >
    3 > >
    4 > >
    5 >
    62> I agree with this. I've kicked off an internal discussion of the best  way to deal with the abuse coming from Tor (and elsewhere) that doesn't  involve CAPTCHAs. We'll continue with the other things listed above as I  want to have some immediate impact on this while in parallel looking  for better solutions.
    73
    8 I agree with Jacob here.  The Tor community can likely give you unique expertise if they're given a forum to do so.  Currently, they had to open a ticket to get your attention- hence the above discussion.  I'd also seriously look into how you are addressing DDoS from the network layer (specifically your edge router/firewall/load balancing configurations), how you scale your client infrastructure elastically, and specifically how you define your threat model.  Two subpoints: your own engineer has admitted that captcha is a terrible way to address this problem, stating "we struggle to even serve captchas."  So I'd challenge that this is an effective solution.  Second, I'm with several others here seriously questioning the SNR and throughput constraints around blanket allowance of Tor infrastructure.  It's like using a hatchet to remove a fly from your friends forehead.  Small problem, oblique solution.
     4I agree with Jacob here.  The Tor community can likely give you unique expertise if they're given a forum to do so.  Currently, they had to open a ticket to get your attention- hence the above discussion.  I'd also seriously look into how you are addressing DDoS from the network layer (specifically your edge router/firewall/load balancing configurations), how you scale your client infrastructure elastically, and specifically how you define your threat model.  Two subpoints: your own engineer has admitted that captcha ~~is a terrible~~ isn't a salable way to address this problem, stating "we struggle to even serve captchas" ![edit: 'while under attack'].  So I'd challenge that this is an effective solution for DDoS.  Second, I'm with several others here seriously questioning the SNR and throughput constraints around blanket allowance of Tor infrastructure.  It's like using a hatchet to remove a fly from your friends forehead.  Small problem, oblique solution.  Please remember that exit nodes are communal, so pretend for example that every time you wanted to blacklist a /32 ipv4 address, instead you were blacklisting an entire /24 public network. 
    95
    10 >
    11 >
    12 >
    136> > I'll wrap up with a question.  How are you intending on rolling  out this new feature?  Is it going to be opt-in, opt-out, will there be  an email sent to your customers about using it?  I think that this is  something that the community is greatly interested in.
    14 > >
    15 >
    167> Almost everything we announce goes on our blog so I imagine we'll do it  that way. It gets emailed to people who subscribe to the blog. I don't  know if it'll be emailed to all customers (mostly because we don't tend  to send them a lot of email and it's the mark eting group that decides).  The current plan is for this to be opt-in.
    178
    18 I think that this marginalizes the issue.  Offering a feature that most customers would have to voluntarily opt into and likely don't know about (because they'd have to be looking for it to find it) is a waste of everyone's time- particularly a CTO.  If your goal is to find a solution, this patently isn't it if it's going to be unannounced and opt-in.
     9I think that this marginalizes the issue.  Offering a feature that most customers would have to voluntarily opt into and likely don't know about (because they'd have to be looking for it to find it) is a waste of everyone's time- particularly a CTO.  If your goal is to find a solution, this patently isn't it if it's going to be unannounced and opt-in.  ![Added:]  I would expect that only website owners contacted specifically by Tor users would even be aware that this feature was available and could be enabled.