Changes between Version 2 and Version 3 of Ticket #18361, comment 112


Ignore:
Timestamp:
Feb 24, 2016, 8:24:59 AM (3 years ago)
Author:
lhi
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #18361, comment 112

    v2 v3  
    99''Wikipedia'' is a nutcase. It merits another ticket. I'm not even asking for anonymous contribution or being allowed to correct small mistakes anymore (where research on anonymous trust tokens could come handy), no, I'm not allowed to use my established username, let alone a new one, at all unless forgoing Tor. That doesn't even make sense.
    1010
    11 Thanks for sharing your research! It's an extremely interesting subject and there are fine applications for it in every single one of the other domains you mentioned (Wikipedia, polls). I just don't think it's the solution to the problem at hand, which in my opinion is: ''In the absence of ongoing large-scale attacks, Cloudflare should just serve the damn page, better static than not at all, and not give us bullshit about how this is not possible.''
     11Thanks for sharing your research! I'm going to read it because it is an extremely interesting subject with fine applications to every single one of the other domains you mentioned (polls; Wikipedia - theoretically but not in bureaucratic practice; etc.). I just don't think it's the solution to the problem at hand, which in my opinion is: ''In the absence of ongoing large-scale attacks, Cloudflare should just serve the damn page, better static than not at all, and not give us bullshit about how this is not possible.''
    1212
    1313For me, the rest of the original ticket boils down to
     
    15151) We all know that the web and the internet it is built on, are fundamentally broken at an architectural level. As long as: DNS is around, servers are insecure, proper end-to-end crypto isn't the norm hence MITM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a bus.ness model around cobbling together superficial, overapproximating mitigations.
    1616
    17 It's nice of them to build workarounds, it would be nicer still to see them relegating Threat Scores and IP-based blocking to the dustbin of history where this belongs, but we can't expect them to retract their tendrils which will continue to suck in as much data as they can get.
     17It's nice of them to build workarounds, it would be nicer still to see them relegating Threat Scores and IP-based blocking to the dustbin of history where it belongs, but we can't expect them to retract their tentacles which will continue to suck in as much data as they can get.
    1818
    19192) They will be able to suck considerably less data out of anonymous users when not allowed to execute Javascript. Hence whatever workaround they choose, it must work exactly the same without Javascript.