
Re: Changes regarding IETF website CDN settings and TOR networks

2016-04-02 09:53:15
Those of you who read the CloudFlare post might also be interested in
Tor Project's recent post questioning the 94% figure:
https://blog.torproject.org/blog/trouble-cloudflare

Joseph Lorenzo Hall <joe(_at_)cdt(_dot_)org> wrote
Thu, 31 Mar 2016 22:32:57 -0700:

| IETF folks may be interested in this recent cloudflare post that outlines
| some potential changes to Tor -- SHA-256 hashes for hidden service certs,
| move proof-of-work into TorBrowser -- that could make this a bit more
| robust against automated malicious activity (unfortunate title IMO):
| 
| http://blog.cloudflare.com/the-trouble-with-tor/
| 
| On Monday, March 28, 2016, IETF Chair <chair(_at_)ietf(_dot_)org> wrote:
| 
| > Based on earlier feedback on IETF discussion list, the IAOC has decided to
| > ask the IETF network admins to make a change with regards to how our CDN
| > serves clients coming from TOR networks.
| >
| > For background, our website uses a number of techniques to help combat
| > denial-of-service attacks.  One of these mechanisms was based on CAPTCHAs
| > that were triggered, in particular, for some users when accessing the IETF
| > web site for the first time and heuristically identified as coming from a
| > TOR exit node.  Once the CAPTCHA is passed, the user was able to browse
| > normally.  However, in the process of performing the CAPTCHA and accessing
| > the IETF website, cookies and scripts are used, which was a concern for
| > some users.
| >
| > Information on the IETF website is meant to be public, and should be
| > openly accessible for as broad consumption as technically and practically
| > possible. When there are groups of people whose access to the website is
| > for some reason problematic, we try to accommodate better access, no matter
| > who makes such a request, within the bounds of what is practical, of course,
| > and considering the potential effects of denial-of-service attacks and
| > other issues.
| >
| > The change in our settings is to no longer perform CAPTCHAs or other extra
| > mechanisms for clients coming from TOR networks.  Behaviour for other users
| > should not be affected, though it is an open question whether any
| > significant denial-of-service attacks could be launched from these networks.
| >
| > Please note that our admins are monitoring the situation, and have the
| > ability to change this configuration at any time. So if the TOR exit nodes
| > are the source of an attack, for instance, the configuration could be
| > adjusted again. And of course, further actions regarding how the IETF
| > website is run are based on our experiences from current and past setups,
| > and your feedback.
| >
| > Jari Arkko, IETF Chair
| >
| 
| 
| -- 
| Joseph Lorenzo Hall
| Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
| e: joe(_at_)cdt(_dot_)org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
| Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
| 
| CDT's annual dinner, Tech Prom, is April 6, 2016!
| https://cdt.org/annual-dinner
