wiki:org/meetings/2014SummerDevMeeting/TorBlockingDiscussion

There are crypto solutions, but not explored - everyone uses CAPTCHA, IP or Facebook login.

examples: mozilla uses EFNet IRC blocklist, Google blocks excessive crawl, yelp blocks contribution.

Social cost aspect: hard to convince of the benefits when sites are already blocking Tor.  (E.g. yelp doesn't have a way to discover what Tor users could contribute, Wikipedia is missing out on edits from censored users)  Results in current equilibrium.

Failure modes: cloudflare or akamai -- Isis has had some success communicating with people at CF when Tor gets blocked.  Outsourcing blacklists, e.g. Skype uses some purchased blocklist that includes Tor exits.

NSF submission with social scientists to assess social costs of over-blocking.

Hope for EFF to hire and manage activist developer to coordinate with over-blocking websites/services as a neutral third party.  Needs to be a social movement and EFF is good at social advocacy.

This plan has not been public so far.  Should Roger write a blog post talking about this, or should Tor try to hire this person?

Who should be working on this?

Mozilla Persona server one potential technical component.  It is linkable, like the Nym system.  New crypto schemes are also unlinkable. 

Fork Persona to use blindable signatures?

Options:

- Nominate person(s) to "persuade" EFF to pursue this issue.  EFF resistant due to space issues?

- Blog post about this problem: list the sites and possible solutions, get people excited about the problem.  Wall of shame site/app?  (Probably more effective if done by EFF?)  Hope that this excites EFF?

Discussion of options, e.g. Wikipedia quarantine.  Imperfectly effective scheme might still be useful to help assess social cost.

Caspar's Modest Proposal: user reporting and exit node config in TBB.  OONI tie-in.  Political implications vs cost to Tor network.

Most likely a multi-year project to make technical side possible?  But an important aspect of the problem is figuring out which technical solutions are workable for different use cases, or using advocacy to find simpler solutions. 

- Flesh out Persona plan, deploy and try to get websites to use it.  Persona could support "levels of difficulty" indicating pseudonym difficulty. 
   - Need to find not too big, not too small test websites.
   - trac.tpo?
   - Tell world about it now, or wait until it is ready?  Enough work it might be best to wait. Isis will work on it?
   - PoC demo by end of year leading to blog post?
   - Having technical plan changes EFF involvement to advocacy?
   - Plan to measure wikipedia cost: run wikipedia.tpo
   - Persona limitation: still linkable; a CloudFlare "cookie?"  Pseudonymity a possibility using blind signatures.  Maybe the Faust design could help?

Is there a role for community advocates between the EFF advocate and the Tor technical devs?

Important to identify potential funding sources as a next step.

Medium term idea: form letter that people can cut & paste if blocked via Tor?  Might turn off important potential partners.

Last modified 4 years ago Last modified on Jul 1, 2014, 12:43:42 PM