[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Craigslist now blocking all Tor IPs? Template for anyone:



Comment mashup...

> I think Yelp blocks Tor for a similar reason to why Craigslist blocks
> Tor -- their value-add is their web pages, and if their competitors
> "steal" their web pages, they've got nothing else.
> That kind of business model leads to jealously guarding all of their
> pages from being crawled or otherwise viewed en masse -- which in turn
> leads to being angry and bitter at every new Internet technology.

Craigslist is relatively unusual in that they do not require an
account to view and reply, or even to post (that is, if users can
figure out what they mean by not needing an account). There is merit
in that usage model.

I'd be curious to know if they're using any antispam discriminator
engines, markov windows, adaptive statistical, bayes, etc. Those
combined with user ham/spam/moderation and captcha seem pretty
efective in email. No reason they can't be applied by typical site
operators whining about "comment spam".

Blocking IP's and phones and emails seems the cheap way out, as
opposed to integrating real protections in depth. To be expected
with todays silly startup business models where everything is an
afterthought.

> If someone logs into Yelp as the business owner and as a reviewer
> from the same IP, they would make such review "not recommended"
> (previously they made it "hidden" and protected with captcha). And
> possibly flag the whole business as suspect for writing false
> reviews. Yelp also sends businesses monthly reports

So when a restaurant has a single external IP rigged into its back
office, floor systems, and free wifi for patrons (a very common
architecture)... yeah, that makes a lot of sense... not.

> with new IP address in numerous cities all over the globe in a
> matter of minutes

> tough to make cloud IPs look and act the same as residential IPs

Tor enables global access for research, that's a good thing. Another
thing Tor users are doing is bravely pushing legal boundaries with
residential exits. Hopefully someday this will result in no more
raids based on silly internet packets.

> Tor exit nodes, on the other hand, have a lot of human shields
> using them too, so it makes it a lot harder to narrow down a
> specific "bad actor" without also hitting actual users.

Good, maybe then we can get the world off the "IP = user" mentality,
while gaining all this human legitimacy to Tor network thus making
people think twice before blocking it.

> It used to be that craigslist page loads via Tor were just painfully
> slow, which could have been a rate limiting strategy to combat
> scrapers, now they just ban it all together.

At the moment, no, not entirely.

The thing with the various unpublished blocking methods of various
websites is that legitimate users don't know how to fit in as good
and privacy conscious participants. Are they supposed to buy a new
phone every month? Stay in a certain city? Etc. Illegit users will
figure all this out. But it's harmful and expensive for the legit
ones who login the next day to only to find some unwritten automaton
rule wiped them out. And with CL, they completely ignore your
inquiries.

> I'm curious why Craigslist doesn't just sell their listing data via
> API access to companies like Padmapper, that would be a win-win.

They're probably worried about dilution. Has Craigslit ever sued
any other sites that have a similar listing model?

> Because they're actively hostile to creating a better user
> experience.

Craigslist seems a bit weird with their users, philosophy, and tech.

> I am a bit mixed about whether reducing anonymity is a good thing
> or not for a site that is ultimately centered around people
> interacting in real-life.

Reducing anonymity is definitely not good. The only one who can
truly look out for you is you. The phrase "911 is a joke" exists
for a reason. When you realize this, and begin to develop your own
strength, all of a sudden your own anonymity becomes paramount and
integral to that such that you are willing to accept the other side
having it too. It is one of the great equalizers, with it no one
can rule over you. And "data" wise, certainly not unjustly behind
your back without your consent. Phrase "buddy system" also exists
for reason.

> [blocking yields] massive collateral damage to privacy seekers though.

You want damage? How about another form of human rights abuse?

One thing their users do not know is that Craigslist keeps every
single post that has ever been posted on their site forever. Knowing
them, you could assume that means not just the text of post content,
but all the post pictures, related email addresses and phone
numbers... and all the relayed email content as well.
Given all the categories of posts and replies their users make,
this is a thoroughly dispicable invasion of personal privacy...
there is absolutely no legitimate reason for it whatsoever... and
their users are completely unaware that it is going on. That's bad.


Anyway, as far as blocking legitimate Tor users goes, regardless
of who is doing, there's a project here where Tor users are developing
rising up and taking action to make themselves and their wishes
known... but it doesn't appear a lead has been taken on that yet:
https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
https://trac.torproject.org/projects/tor/wiki/org/projects/DontBlockMe

> It would be interesting to know if sites like Yelp/Craiglists are
> more afraid of anonymity and possible spam/trolls than crawlers.

Most internet companies are headquartered in big cities where there
are also a lot of Tor users. I'd suggest some of those users get
together to develop a list of interview questions, viewpoints and
examples... and then take an afternoon to go visit the companies
in person to exchange ideas.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk