[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] Are webmail providers biased against Tor?
On 2015-03-16 16:01, Richard Leckinger wrote:
I think 'track record' is the relevant point. Everywhere is suspicious
until you have a track record of accessing google from there. Tor by
design is meant to prevent any track record from developing.
The fact that you're constantly accessing Google from an otherwise
totally clean and featureless browser itself is a fingerprint that
Google could act upon, and "Tor exit node" could be treated as a
"country" like any other. Even if they can't separate you from other Tor
users, it's potentially just as significant as a fingerprint like
"Accesses NY, NJ frequently from each of the four largest providers'
dynamic IP ranges, and does not retain cookies"
However, the reality is that the rate of abuse from anonymous sources
will naturally be much higher, and as a result, it does make sense to
treat such connections with a higher level of suspicion.
A few weeks ago I ran a query against some servers logs which were fed
from SMTP, POP3, IMAP and webmail authentication attempts against a
DNSBL (torexit.dan.me.uk, I think?) that lists Tor exit nodes, there
were tons of unsuccessful authentication attempts coming from Tor exit
nodes, while there were zero successful authentication requests in the
time period studied. Many of the IPs were doing obvious dictionary
attacks, trying many thousands of attempts (with the IP itself being
locked out completely after just a few minutes). Based on this limited
analysis, it would make a lot of sense to block Tor completely since I
don't have any legitimate traffic from Tor. Various other countries
would meet this same criteria. However, I don't like to block this
I'm sure Google's scale means that there are a lot more legitimate users
Tor users than I have, but just the same, it's quite reasonable to treat
Tor traffic with a higher level of suspicion -- It's not about bias
against Tor, or against Tor users, or even a dislike of Tor, but rather,
it's the fact that a higher percentage of abuse comes from Tor than from
most other sources, even when you take the percentage of legitimate
traffic into account. The fact that Tor, by it's privacy centric nature,
makes it more difficult to use other fingerprinting techniques to sort
out legitimate users means that good users get lumped in with the bad
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to