On 2017-02-09 23:40, grarpamp wrote:
On Wed, Oct 5, 2016 at 8:11 AM, Alec Muffett wrote:
a) I like the idea of Google giving you "one free search" and from that
trying to determine whether you are an "asshole" after which it lightens up
with the oppression
That's fine, if implemented well, bec
On Wed, Oct 5, 2016 at 8:11 AM, Alec Muffett wrote:
> a) I like the idea of Google giving you "one free search" and from that
> trying to determine whether you are an "asshole" after which it lightens up
> with the oppression
That's fine, if implemented well, because the 'one free' is the
same as
On Tue, Oct 4, 2016 at 9:07 PM, krishna e bera wrote:
> We are already starting to see people switching away from Google for
> privacy reasons and soon it will also be because of censorship
> (nationstate edicts and EU "right to forget") and biasing (due to
> Google's political involvement, e.g. s
hi...@safe-mail.net:
> https://duckduckgo.com has become increasingly better lately. Only during
> the past 6 months or so, their search results have become almost on par
> with the big ones, like Google, Bing, etc.
>
> In regards to Google, it all comes down to censorship and anti-privacy.
La
It's still not clear at this point what their motivations are. Also the FAQ
should be changed to reflect this:
https://www.torproject.org/docs/faq#GoogleCAPTCHA Specifically this part "To
our knowledge, Google is not doing anything intentionally specificallyto deter
or block Tor use."
21. Jan
https://duckduckgo.com has become increasingly better lately. Only during
the past 6 months or so, their search results have become almost on par
with the big ones, like Google, Bing, etc.
In regards to Google, it all comes down to censorship and anti-privacy.
Just like Microsoft and Windows 10
On Thu, Jan 19, 2017 at 2:58 PM, wrote:
> Indeed, that error is incredibly annoying. Especially since
> you happen on it only after you solve the 2 recaptchas.
> Other major search engines have no problem with Tor,
> such as:
>
> Bing.com, Yahoo! Search, Ask, Aol
Of course they have no problem w
Indeed, that error is incredibly annoying. Especially since
you happen on it only after you solve the 2 recaptchas.
Other major search engines have no problem with Tor,
such as:
Bing.com, Yahoo! Search, Ask, Aol
> Just noting that these threads are, beyond silly corporate mandates,
> largely
Just noting that these threads are, beyond silly corporate mandates,
largely unexplored, and I'd like to, time permitting, follow up with
Mirirmir and Alec on their fine ideas and discourse, since access
to services, even anonymously so, is an important thing for the
world's peoples.
--
tor-talk m
On 18 October 2016 at 22:29, grarpamp wrote:
> On Mon, Oct 3, 2016 at 9:12 AM, Alec Muffett
> wrote:
> > smply, my Netflix viewing, or whatever, does not need to be anonymised.
>
> It is good that you have assessed your own needs to privacy
> in that use case and have made any courses of action
On Mon, Oct 3, 2016 at 9:12 AM, Alec Muffett wrote:
> smply, my Netflix viewing, or whatever, does not need to be anonymised.
It is good that you have assessed your own needs to privacy
in that use case and have made any courses of action therein
for yourself.
However we are in no position to sa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/07/2016 02:16 PM, Joe Btfsplk wrote:
> On 10/5/2016 11:23 AM, Mirimir wrote:
>>
>> Yes, it's partly that residential IPs are (or have been, anyway)
>> dynamic.
> I guess that depends on the provider and exact type of service.
> AT&T "digital" (
On 10/5/2016 11:23 AM, Mirimir wrote:
Yes, it's partly that residential IPs are (or have been, anyway)
dynamic.
I guess that depends on the provider and exact type of service. AT&T
"digital" (Uverse) residential internet hasn't had dynamic IPa's for
several yrs.
In many places, they discontinu
Alec Muffett writes:
> I'm old enough to remember when `finger usern...@host.subdomain.tld`
> actually worked and was useful; there's a lot you can build with that
> kind of connectivity.
I wonder what percentage of late-90's "finger" traffic was solely to see
if John Carmack had spilled any exc
On 7 October 2016 at 19:59, Mirimir wrote:
> On 10/07/2016 05:50 AM, Jon Tullett wrote:
>> I find tracking that historical change to be useful because it reminds
>> me that our expectations in the future will be different too. Our
>> notions of privacy and security, for example, are far from stat
On 10/07/2016 05:50 AM, Jon Tullett wrote:
> On 7 October 2016 at 13:21, Mirimir wrote:
>> Reddit, in contrast, is a total free-for-all
>
> It really varies. Some subreddits are VERY heavily moderated, some are
> completely open, most are somewhere in between. Your experience of
> reddit is proba
Amplifying just one little bit of this:
On 7 October 2016 at 12:21, Mirimir wrote:
> Yes, that's the hardest problem. Why do sites care about the
> relatively small share of users that want pseudonymous and/or
> location-obscured access?
I would phrase that as "Why _should_ sites care about th
On 7 October 2016 at 13:21, Mirimir wrote:
> Reddit, in contrast, is a total free-for-all
It really varies. Some subreddits are VERY heavily moderated, some are
completely open, most are somewhere in between. Your experience of
reddit is probably quite personal and likely to be different from any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/05/2016 06:11 AM, Alec Muffett wrote:
> Mirimir: Generally I like your suggestions, they are thoughtful,
> and I think you're shooting in the right direction.
Thanks :) I'm stretching to get past my default urge to evade blocks.
> A few observa
On 10/05/2016 09:57 AM, blo...@openmailbox.org wrote:
> On 2016-10-05 07:28, Mirimir wrote:
>
>> Bottom line, it's easy to create
>> lists of VPN exit IPs, and those IPs generally belong to data centers.
>>
>> But of course, those exits all have data-center IPs. However, if
>> discrimination again
On 2016-10-05 07:28, Mirimir wrote:
Bottom line, it's easy to create
lists of VPN exit IPs, and those IPs generally belong to data centers.
But of course, those exits all have data-center IPs. However, if
discrimination against Tor and data-center IPs becomes intense enough,
that will create a
Mirimir: Generally I like your suggestions, they are thoughtful, and I
think you're shooting in the right direction.
A few observations:
a) I like the idea of Google giving you "one free search" and from that
trying to determine whether you are an "asshole" after which it lightens up
with the opp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/05/2016 02:15 AM, Alec Muffett wrote:
> On 5 October 2016 at 08:28, Mirimir wrote:
>
>> So maybe there is a benefit of blocking behavior, rather than
>> IPs?
>
>
> I'd be interested to see you continue / expand upon how you
> believe this wo
On 5 October 2016 at 08:28, Mirimir wrote:
> So maybe there is a benefit of blocking behavior, rather than IPs?
I'd be interested to see you continue / expand upon how you believe this
would be manifest / what this would do and how it would be achieved.
As it stands it's an suggestion (?) that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This has been a great thread, with many insightful comments. I'm going
to pick some key conversations. One, between grarpamp (GP) and Alec
Muffett (AM) on why websites discriminate broadly against Tor traffic.
For simplicity, I'm not preserving tempora
We are already starting to see people switching away from Google for
privacy reasons and soon it will also be because of censorship
(nationstate edicts and EU "right to forget") and biasing (due to
Google's political involvement, e.g. suppressing typeaheads negative to
Clinton). The alternative se
Rolling together a couple of Joe's emails…
> If the intent is to say Google & other sites are trying to protect
> themselves & their users at all costs - point taken - in part.
>
Not at all costs, but I believe I've done a fair job in previous mails of
explaining how they might consider it to b
On 4 October 2016 at 01:51, Jeremy Rand wrote:
> Alec Muffett:
>
> I'm curious what the advantage is in this respect of .onion compared to
> using TLS with manual fingerprint verification.
>
I like to look at Onions from the perspective of a network engineer:
- it's a lightweight near-equivalen
On 10/3/2016 2:09 AM, Alec Muffett wrote:
On 3 October 2016 at 01:40, wrote:
While outreach and cooperation with some companies may work, do you not
consider that a sizable number of sites will always block anonymous traffic
simply because they can not monetize it with targeted ads?
Ah! Tha
Jeremy Rand:
> Alec Muffett:
>> Irregardless of the political and privacy issues there are also technical
>>> benefits to using Tor for day to day traffic.
>>
>>
>> Totally. So many people are fixated on "anonymity" and completely ignore
>> the end-to-end nature of Onion addressing, for instance.
Alec Muffett:
> Irregardless of the political and privacy issues there are also technical
>> benefits to using Tor for day to day traffic.
>
>
> Totally. So many people are fixated on "anonymity" and completely ignore
> the end-to-end nature of Onion addressing, for instance.
>
> It's a fantast
On 3 October 2016 at 23:15, wrote:
> The logic of blocking everything completely *all the time* (like Google
> does) is already a big problem
Here's a picture of me loading Google over Tor:
https://imgur.com/gallery/pMabZ
That much works. A narcissistic self-search subsequently crashed, ver
The logic of blocking everything completely *all the time* (like Google
does) is already a big problem with the IPv4 address space becoming over
saturated. Its not a Tor only thing. Sometimes an entire country is
behind a single NAT access point.
Researching ways that don't infringe on user's
Alec Muffett writes:
> Correct. One can enumerate the exit nodes from Onionoo quite easily, but
> making that information dynamically available to your web fleet, and
> integrating it into your business logic, is trickier. :-)
I was thinking of this:
https://www.torproject.org/projects/tordnse
On 3 October 2016 at 19:57, James Anslow wrote:
> Isn't there merit to the idea of moving as much over tor as possible so as
> to work towards dispelling the myth of tor as a network that only transmits
> questionable traffic?
>
Yes there is, so long as the result does not suck.
If the result s
On 3 October 2016 at 19:34, Seth David Schoen wrote:
> Alec Muffett writes:
>
> > To a first approximation I am in favour of maximising all of those, but
> > practically I feel that that's a foolhardy proposition - simply, my
> Netflix
> > viewing, or whatever, does not need to be anonymised.
>
>
affic.
-Original Message-
From: Alec Muffett
Sender: "tor-talk" Date: Mon, 3 Oct 2016
19:49:28
To:
Reply-To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 3 October 2016 at 18:59, meejah wrote:
> Alec Muffett writes:
>
&
On 3 October 2016 at 18:59, meejah wrote:
> Alec Muffett writes:
>
> I think it's kind of dangerous to assume whole classes of information
> will *never* be interesting -- if you don't anonymize at the source,
> they'll be recorded forever (approximately).
>
True.
But, for a practical non-fut
On 3 October 2016 at 19:06, meejah wrote:
> Alec Muffett writes:
>
> > 2) In my experience the "blocking" that companies do to Tor (and similar)
> > is 100% grounded in the threats from spam, scraping, testing phished
> > credentials, and other forms of bad behaviour.
>
> A lot of it is just by
Alec Muffett writes:
> To a first approximation I am in favour of maximising all of those, but
> practically I feel that that's a foolhardy proposition - simply, my Netflix
> viewing, or whatever, does not need to be anonymised.
I appreciate your approach to analyzing what Tor-like tools need to
Alec Muffett writes:
> Actually, I just want to hammer this point home with a really _large_
> sledgehammer.
+50, some good points :)
--
meejah
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/l
Alec Muffett writes:
> 2) In my experience the "blocking" that companies do to Tor (and similar)
> is 100% grounded in the threats from spam, scraping, testing phished
> credentials, and other forms of bad behaviour.
A lot of it is just by accident, too, I think: many Cloudflare customers
seem n
Alec Muffett writes:
> To a first approximation I am in favour of maximising all of those,
> but practically I feel that that's a foolhardy proposition - simply,
> my Netflix viewing, or whatever, does not need to be anonymised.
I think it's kind of dangerous to assume whole classes of informati
On 3 October 2016 at 15:43, wrote:
>
> But a point might be: tor exit nodes are public but SOCKS proxies are not.
> Unless you tell me otherwise, I don't think there are centralized databases
> of SOCKS proxies.
>
Let me make an even more generalised statement:
"There are centralised databases o
On 2016-10-02 22:33, Alec Muffett wrote:
So:
- person uses tor to connect to socks proxy provider
- person authenticates (?) to socks proxy provider
- person traverses socks proxy prover to connect to end service
This sound like putting a condom on top of another condom after cutting
a
hole i
Typo, my bad:
On 3 October 2016 at 14:12, Alec Muffett wrote:
> I am _very_ glad that the IETFers who argued against ".onion" and said
> that Tor somehow needed to become a "scheme" (eg: "onions://foo.onion/")
> were beaten.
>
> My take on the whole matter is "just because Tor Onionspace is not
This thread/discussion/response is getting very fragmentary, so pardon if I
slash-and-burn a little to try and restore a theme:
On 3 October 2016 at 09:46, grarpamp wrote:
> On Sun, Oct 2, 2016 at 5:53 PM, Alec Muffett
> wrote:
> >"How many more of X? How many X should there be in total?
On Sun, Oct 2, 2016 at 5:53 PM, Alec Muffett wrote:
>"How many more of X? How many X should there be in total?
> So now we need "more than 1" proxy network - but still, how many?
Fermi Napkin is legit approach.
Though network quality and purpose must also be included in that.
> ...if we wan
Actually, I just want to hammer this point home with a really _large_
sledgehammer.
Compare:
a sizable number of sites will always block anonymous traffic simply
>> because they can not monetize it with targeted ads?
>
>
Contrast:
> 2) for the compliance people you are turning the fact someon
On 3 October 2016 at 01:40, wrote:
While outreach and cooperation with some companies may work, do you not
> consider that a sizable number of sites will always block anonymous traffic
> simply because they can not monetize it with targeted ads?
Ah! That delightful old argument.
I've heard it
@Alec Muffett
While outreach and cooperation with some companies may work, do you not
consider that a sizable number of sites will always block anonymous
traffic simply because they can not monetize it with targeted ads?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe o
On 1 October 2016 at 16:10, wrote:
> I didn't explain myself very well. With the proxychains tool (
> http://proxychains.sourceforge.net/) you can write something like:
>
[...deletia...]
So:
- person uses tor to connect to socks proxy provider
- person authenticates (?) to socks proxy provider
On 2 October 2016 at 11:01, grarpamp wrote:
>
> I want to see more than one overlay network with "exit" feature,
>
So do I - totally agreed.
What I find useful when anyone says "We need more of X!" is to ask:
"How many more of X? How many X should there be in total? And what
constitutes X?"
On Tue, Sep 27, 2016 at 3:39 AM, Alec Muffett wrote:
> So to convince people who work at companies of the value of hunting for and
> recovering these grains of rice, you have got to make them _care_.
I want to see more than one overlay network with "exit" feature,
Tor is a singular easy target pa
On 2016-09-27 15:50, Alec Muffett wrote:
Is it possible to use a different proxy way to access Gmail, FB, etc
without being seen as suspicious? For example, one could use
proxychains
with Tor followed by a SOCKS proxy to login.
If I understand you right (?) I think that was exactly the reas
On 09/30/2016 02:42 PM, blo...@openmailbox.org wrote:
> On 2016-09-28 02:28, Mirimir wrote:
>
>> I'm a pretty technical guy, and it's been years since I managed to get a
>> Facebook account for a persona. But I see that bogus and stolen Facebook
>> accounts are available in bulk from criminals, ma
On 9/27/2016 9:02 PM, Mirimir wrote:
On 09/27/2016 06:50 PM, Joe Btfsplk wrote:
Sometimes, they start renewing pictures in the [CAPTCHA] array
that I've already checked, before I get to the end & submit. I
tried doing it faster - they replaced them faster.
Obvious they didn't want Tor users
On 2016-09-28 02:28, Mirimir wrote:
I'm a pretty technical guy, and it's been years since I managed to get
a
Facebook account for a persona. But I see that bogus and stolen
Facebook
accounts are available in bulk from criminals, marketed to criminals.
Or
at least, to advertisers ;)
Sorry...
On 09/27/2016 03:45 AM, Alec Muffett wrote:
> On 27 September 2016 at 09:42, Mirimir wrote:
>
>> On 09/27/2016 01:39 AM, Alec Muffett wrote:
>>> On 27 September 2016 at 06:42, grarpamp wrote:
>>> In such circumstances they are not actually looking at you / what you are
>>> searching for. They ar
On 09/27/2016 07:21 PM, Jeremy Rand wrote:
> ... In contrast, almost every time I try to do a Google Search, I get a
> CAPTCHA (and if I try to complete the CAPTCHA, I usually fail many times).
With Google search, I often get an outright denial of service, even
after passing the CAPTCHA and sub
On 09/27/2016 06:50 PM, Joe Btfsplk wrote:
> Sometimes, they start renewing pictures in the [CAPTCHA] array
> that I've already checked, before I get to the end & submit. I
> tried doing it faster - they replaced them faster.
> Obvious they didn't want Tor users on those types of sites.
That C
Joe Btfsplk:
> On 9/26/2016 11:57 PM, Jeremy Rand wrote:
>> If it matters, I usually have Tor Browser in Medium-High security level,
>> so Javascript is enabled for HTTPS sites (including Google Translate).
>>
>> Cheers,
>> -Jeremy
>>
> Yep, mine can be in Med or Med High security, and a lot of cap
On 9/27/2016 9:57 AM, blo...@openmailbox.org wrote:
This is exactly my issue. If I login to my Gmail or FB account then
invariably Gmail or FB thinks I am a suspicious person hence "Something
seems a bit different about the way you're trying to sign in. Complete
the step below to let us know i
On 9/26/2016 11:57 PM, Jeremy Rand wrote:
If it matters, I usually have Tor Browser in Medium-High security level,
so Javascript is enabled for HTTPS sites (including Google Translate).
Cheers,
-Jeremy
Yep, mine can be in Med or Med High security, and a lot of captcha's &
other features don't
On 25 September 2016 at 19:14, Alec Muffett wrote:
> An organisation's response to scraping seems typically the product of:
>
> 1) the technical resources at its disposal
> 2) its ability to distinguish scraping from non-scraping traffic
> 3) the benefit to the organisation of sieving-out and han
On 27 September 2016 at 15:57, wrote:
> On 2016-09-27 09:45, Alec Muffett wrote:
> Two questions:
>
> Is there a way that using an exit node for Gmail, FB, etc will not be
> considered suspicious? Is that even possible?
>
I feel that there's probably no silver bullet.
In some ways this is exact
On 2016-09-27 09:45, Alec Muffett wrote:
On 27 September 2016 at 09:42, Mirimir wrote:
Exactly. This manifests where folk on Twitter complain that "zomg i'm
using the onion site and it's blocked me!" - when in fact some perhaps
code
is running - code that someone took the time to write - to
On 27 September 2016 at 09:42, Mirimir wrote:
> On 09/27/2016 01:39 AM, Alec Muffett wrote:
> > On 27 September 2016 at 06:42, grarpamp wrote:
> > In such circumstances they are not actually looking at you / what you are
> > searching for. They are looking at the behaviour of all traffic, of
> >
On 09/27/2016 01:39 AM, Alec Muffett wrote:
> On 27 September 2016 at 06:42, grarpamp wrote:
>> So sorry... when I search 'keyboard controllers' and get
>> captcha'd, so far I'm thinking, "really?, such low tolerance?,
>> you're full of shit".
>>
>
> I understand that perspective, but again th
On 27 September 2016 at 06:42, grarpamp wrote:
> On Sat, Sep 24, 2016 at 10:21 AM, Alec Muffett
> wrote:
> > [scraping}
> For some reason I view that as a copout.
>
You know, I would never phrase it that way, but in some respects I agree
with you. I'll explain...
I mean, provide real data sho
On Sat, Sep 24, 2016 at 10:21 AM, Alec Muffett wrote:
> [scraping}
For some reason I view that as a copout.
I mean, provide real data showing that it's intolerable and
I'll say yes with you. Otherwise google [et al's] infrastructure
can surely handle it (the load), and even possibly intelligently
Joe Btfsplk:
>
>
> On 9/25/2016 12:15 AM, Jeremy Rand wrote:
>> hi...@safe-mail.net:
>>> You can't use Google Translate at all with most Tor exit nodes, while
>>> there are no sane reaons why they would block Tor users from just
>>> translating text.
>> Interesting. I don't use Google Translate
On 9/25/2016 12:15 AM, Jeremy Rand wrote:
hi...@safe-mail.net:
You can't use Google Translate at all with most Tor exit nodes, while there are
no sane reaons why they would block Tor users from just translating text.
Interesting. I don't use Google Translate very often (maybe 2-3 times
per
On 26 Sep 2016 9:09 a.m., "Jon Tullett" wrote:
> That's a very interesting perspective, thanks. Is there any
> cooperation among such major players to share such information?
> Correlation to form reasonably high-confidence scraping/abuse RBLs,
> for example?
Lots, some commercial, some open-to-a
On 25 September 2016 at 20:14, Alec Muffett wrote:
> An organisation's response to scraping seems typically the product of:
>
> 1) the technical resources at its disposal
> 2) its ability to distinguish scraping from non-scraping traffic
> 3) the benefit to the organisation of sieving-out and han
On 25 September 2016 at 17:54, wrote:
> Hi Alec,
>
> Thanks for your detailed and informative response. I had never heard of
> "scraping".
Scraping comes in many forms and with many motives and intentions - in the
previous email I managed to outline a couple, but that is no more than a
sketch o
Hi Alec,
Thanks for your detailed and informative response. I had never heard of
"scraping". BTW: are you the Alec Muffett name-checked in Kevin
Mitnick's autobiography? I assume so.
It may be of note that when I got the Google error, Amazon also required
a CAPTCHA in order for me to login t
hi...@safe-mail.net:
> You can't use Google Translate at all with most Tor exit nodes, while there
> are no sane reaons why they would block Tor users from just translating text.
Interesting. I don't use Google Translate very often (maybe 2-3 times
per month), but I can't remember ever being blo
On 24 September 2016 at 13:07, wrote:
>
> Question: what are these people actually doing with the exit node IP that
> upsets Google?
That's a good question; I don't know about Google specifically, but when I
was at Facebook the most common Tor-exit-node-related problem was called
"scraping".
S
> Question: what are these people actually doing with the exit node IP
> that upsets Google?
Nothing!
I believe that Google simply wants to supress our freedom and anonymity,
because they are evil, and operated by evil beings.
You can't use Google Translate at all with most Tor exit nodes, whil
Quite often, when using Google to search with Tor (yes I know I can use
DuckDuckGo, etc!) I get the following error:
Our systems have detected unusual traffic from your computer network.
This page checks to see if it's really you sending the requests, and not
a robot. Why did this happen?
T
81 matches
Mail list logo
