RE: unaccessible for Tor users

Michel Py <> Tue, 15 March 2016 04:01 UTC

List-Id: IETF-Discussion <>

> Andrew Sullivan wrote:
> yet we need to do something about the attacks against the IETF sites, which have been painful and which we need to be prepared to handle.

About a month ago, I did a quick analysis on Tor exit nodes and found that about half of them are on a blacklist of some kind. I am not assessing the validity of the various methodologies used to blacklist the addresses; I'm just counting beans. The captcha mentioned earlier is a middle way, as some organizations go further and block Tor entirely. Call it profiling all you want, it's no different than a spam blacklist: it's IP reputation; being a Tor exit node does carry a burden in the metric used to assess the reputation and therefore the threat potential. If it looks like a duck and quacks like a duck, some people are going to wonder if it's a duck. I'm not judging here, I'm just looking at numbers.

> No brilliant suggestions here, just questions.

None here either. Regrettably, some guys out there are using Tor for bad purposes; it also is a foregone conclusion that some of the attacks carried over Tor are part of the equivalent of a joe-job.

Trolling about Tor being blocked does not help, though. Here is the challenge for the brilliant minds in here: make it so it preserves the anonymity of people who genuinely need it, but stop it from being an attack vector. It means cleaning up when it enters the system, instead of having users cleaning when it exits the system.