Active Topics

 


Reply
Thread Tools
jukey's Avatar
Posts: 246 | Thanked: 204 times | Joined on Jun 2007 @ Potsdam (Germany)
#1
Hi, I would like to use the talk.maemo.org site while I am connected to the Tor Network. However, I alsways get the following error message:

Sorry, it seems that you are using an IP address or a proxy that is listed in the forum anti spam blacklist.
Feel free to contact our staff on irc freenode #maemo channel.
Even some apps discussed in t.m.o are made for using tor. Please allow these kind of traffic as well.

Thanks jukey
__________________
-> Join the SailfishOS Meetup Berlin - every first Monday a month <-

Me on twitter
 

The Following 5 Users Say Thank You to jukey For This Useful Post:
Posts: 646 | Thanked: 1,124 times | Joined on Jul 2010 @ Espoo, Finland
#2
Originally Posted by jukey View Post
Hi, I would like to use the talk.maemo.org site while I am connected to the Tor Network. However, I alsways get the following error message:
*Sorry, it seems that you are using an IP address or a proxy that is listed in the forum anti spam blacklist.*
How do you suggest to solve the problem if there is some massive spammer on tor that is using the same exit node as you?
 

The Following 6 Users Say Thank You to minimos For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#3
Exactly.

There was/is a massive attack against (our) forum from tor exit nodes.
So to keep it up running there was the need to blacklist those (few) bad guys/IPs.

Why the heck do you need to access a forum via tor???
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following 6 Users Say Thank You to peterleinchen For This Useful Post:
jukey's Avatar
Posts: 246 | Thanked: 204 times | Joined on Jun 2007 @ Potsdam (Germany)
#4
Originally Posted by peterleinchen View Post
Exactly.

There was/is a massive attack against (our) forum from tor exit nodes.
So to keep it up running there was the need to blacklist those (few) bad guys/IPs.

Why the heck do you need to access a forum via tor???
1. The more people using Tor at the same time the better it helps to protect those who need.

2. I would like to hide my location and browsing habits.

3. I would like to have a weapon against Telecommunications data retention.
__________________
-> Join the SailfishOS Meetup Berlin - every first Monday a month <-

Me on twitter
 

The Following 3 Users Say Thank You to jukey For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#5
Originally Posted by jukey View Post
1. The more people using Tor at the same time the better it helps to protect those who need.

2. I would like to hide my location and browsing habits.

3. I would like to have a weapon against Telecommunications data retention.
While I sort of understand the reasoning for not allowing access from tor exit nodes, I have to agree with Jukey.
My God to honest opnion - blocking tor exit nodes is a violation of our privacy rights on this forum, and completely the oposite as supporting SFOS and opensource.
 

The Following 3 Users Say Thank You to nieldk For This Useful Post:
Copernicus's Avatar
Posts: 1,986 | Thanked: 7,698 times | Joined on Dec 2010 @ Dayton, Ohio
#6
Originally Posted by nieldk View Post
While I sort of understand the reasoning for not allowing access from tor exit nodes, I have to agree with Jukey.
My God to honest opnion - blocking tor exit nodes is a violation of our privacy rights on this forum, and completely the oposite as supporting SFOS and opensource.
So... What do we do when folks using TOR exit nodes perform a successful DOS attack on this forum?
 

The Following 2 Users Say Thank You to Copernicus For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#7
Originally Posted by Copernicus View Post
So... What do we do when folks using TOR exit nodes perform a successful DOS attack on this forum?
By not allowing posts from new accounts for a time period
By not allowing multiple posts within XX minutes
By observing nicks of spammers and removing them (This can somewhat be scripted btw)

Anyways, that is not an excuse for blocking tor services at all.
We have also seen massive spams from certain countries, why are those countries not entirely blocked ? I will answer that myself. We dont want to harm friendly users from those counties.
Why do we want to harm friendly tor users then?

edit: aboy (D)DoS: https://www.torproject.org/docs/faq-abuse.html.en#DDoS
 

The Following 6 Users Say Thank You to nieldk For This Useful Post:
Copernicus's Avatar
Posts: 1,986 | Thanked: 7,698 times | Joined on Dec 2010 @ Dayton, Ohio
#8
Originally Posted by nieldk View Post
Anyways, that is not an excuse for blocking tor services at all.
I'm just basically saying that I see no reason to give TOR exit points additional privileges over normal IP addresses. If your main defense against malicious accesses coming from a particular address is to block that address, and you decide that some addresses now cannot be blocked, well... now you've got a giant hole in your defense, right?

If a particular address is being used maliciously, it should be treated as any other address being used for malicious purposes. Treating some addresses as special would seem to defeat the purpose...
 

The Following 3 Users Say Thank You to Copernicus For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#9
Originally Posted by Copernicus View Post
I'm just basically saying that I see no reason to give TOR exit points additional privileges over normal IP addresses. If your main defense against malicious accesses coming from a particular address is to block that address, and you decide that some addresses now cannot be blocked, well... now you've got a giant hole in your defense, right?

If a particular address is being used maliciously, it should be treated as any other address being used for malicious purposes. Treating some addresses as special would seem to defeat the purpose...
This makes no sense, sorry.

Allow me to qoute a reply from another forum, adressing the same issue.

Your forum accepts posts from anybody. That is your core problem. Connecting to your site from various IP throughout the world is trivial, if only by using Tor. Tor provides "high anonymity" in that not only the user's identity is hidden, but each request is anonymous -- you cannot, from the outside, make sure whether two distinct requests are from the same human user or not.

This can be fixed at two levels:

1) Restricted anonymity: enforce user registration and authentication. Users may use a pseudonym, and need not provide an email address or any other identification, but your forum will insist on a login process before posting. That way, you can know whether two comments come from the same person. Note that this does not totally solve the issue; instead, that moves it to the registration process. The poor sob who has nothing better to do with his time than defacing your forum will adapt and engage into mass registration of phony accounts.

2) No anonymity (with regards to you): user registration, this time with an email address, which is verified during registration (you make sure that the registrant can read an email sent at the address he provided). The possibility to be identified, if only by law enforcement agencies, could be a powerful deterrent for wannabe spammers (even if the said spam is not necessarily punished by Law: to my constant dismay, there is no law against writing "LOLOLOLOL").

If you choose to retain anonymous posting, then, well, welcome to the wonderful world of Mankind. While most humans are civilized, honest and polite, there is always one user who thinks exposing his lack of education is a smart thing to do. The best you could do, then, is to patiently clean up (possibly proactively, by enforcing pre-publication control of all posts by trusted moderators) until the perpetrator loses interest or reaches the age of 14, whichever comes first. This may take a few weeks or months.

Historically, most societies have dealt with troublemakers by a mixture of ostracism and actual penalties (up to and including death). The apparent anonymity of Internet prevents efficient penalties (with a lot of resources, this anonymity can usually be unraveled, but police forces will not do that until an actual crime is committed). Ostracism is social pressure, so it does not work on people who do not feel the target forum as being a "society" they are part of.
 

The Following 6 Users Say Thank You to nieldk For This Useful Post:
Copernicus's Avatar
Posts: 1,986 | Thanked: 7,698 times | Joined on Dec 2010 @ Dayton, Ohio
#10
Originally Posted by nieldk View Post
If you choose to retain anonymous posting, then, well, welcome to the wonderful world of Mankind. While most humans are civilized, honest and polite, there is always one user who thinks exposing his lack of education is a smart thing to do. The best you could do, then, is to patiently clean up (possibly proactively, by enforcing pre-publication control of all posts by trusted moderators) until the perpetrator loses interest or reaches the age of 14, whichever comes first. This may take a few weeks or months.
Cool! So, this forum is entirely infeasible to begin with.

I've gotta admit, I think a good 20% to 30% of the folks around me have never reached the age of 14, even though some of them are in their 60s or 70s already. There are some pretty crude adults out there today, and there really is no police force available to deal with them when they act out on the internet. (And this takes no account of the folks who "professionally" spam internet sites.)

My take is that there are more humans willing to spend their time to come and mess up an internet forum than there are humans willing to spend their time to moderate the forum. (Especially sites like TMO with relatively small numbers of participants.) As such, if you're going to try and fight all your battles hand-to-hand, the 14-year-olds are always going to win.
 

The Following 4 Users Say Thank You to Copernicus For This Useful Post:
Reply

Tags
https, legal hell

Thread Tools

 
Forum Jump


All times are GMT. The time now is 03:00.