LITTLEBLACKDOG.COM

http://tor.eff.org/overview.html.en

Please read the issue before you vote.

Part of what makes this community work well is knowing that the people are real, and not pretending to be someone or something else. While the concept of The Onion Router Project is noble, and for the purposes they state in the Tor overview and legal issues pages on their home page are good purposes, those purposes, I currently think, are not purposes by which people should be using this forum.

First of all, very few people on this forum can see IP addresses, and the admins need to see them for a reason, namely, to make sure you are who you say you are. This keeps the spammers, scammers, and scummers away. Having botnets is bad enough, but having new users joining via Tor is not consistent with how we expect people to behave on the forums. "If you are so paranoid about joining that you have to hide behind a proxy, don't join" is what I am thinking. Maybe I'm being harsh about it though.

The thought of spammers using Tor servers to abuse our hospitality does cross my mind. It's been done, from what I understand. I guess the Tor people do tend to not allow too much volume from one Tor user, so that mitigates it to some degree.

Now, I could be easily swayed by arguments in favor of allowing Tor users. So I'm asking for a general vote here.

Posted: Sat Dec 02, 2006 1:16 pm Post subject:

Good question. I can see arguments for and against. However, despite seeing contrary arguments, I'd be inclined to allow it. Anonymity is a right, not a privilege.

As for a technical consideration, is an IP ban the only method available for stopping spammers?

I've gone for the "defer the decision" option. If someone does abuse it, it ought to be easy enough to clean up the mess and implement some blocks against it.

Posted: Sat Dec 02, 2006 1:42 pm Post subject:

I would suggest to wait it out and see if it's a problem.

Posted: Sat Dec 02, 2006 2:58 pm Post subject:

How would you identify users of this service and block them? From my understanding of what I read, its not a defined route that they take to access LBD, but any number of routes which would dynamically change based on users that are using the service.

Would you monitor for multiple IP's in the same session, different ISP's within X amount of time or?

Posted: Sat Dec 02, 2006 3:04 pm Post subject:

Extreme wrote:
How would you identify users of this service and block them? From my understanding of what I read, its not a defined route that they take to access LBD, but any number of routes which would dynamically change based on users that are using the service.

Would you monitor for multiple IP's in the same session, different ISP's within X amount of time or?

They look very much like a botnet in action. Trust me, the pattern is incredibly similar. I wouldn't have brought this up if it wasn't an issue which had presented itself. The user's IP keeps changing, constantly.

The Tor server network is published, and all Tor servers are identified; This list in fact has them.

Posted: Sat Dec 02, 2006 3:07 pm Post subject:

EdisonRex wrote:
Extreme wrote:
How would you identify users of this service and block them? From my understanding of what I read, its not a defined route that they take to access LBD, but any number of routes which would dynamically change based on users that are using the service.

Would you monitor for multiple IP's in the same session, different ISP's within X amount of time or?

They look very much like a botnet in action. Trust me, the pattern is incredibly similar. I wouldn't have brought this up if it wasn't an issue which had presented itself. The user's IP keeps changing, constantly.

The Tor server network is published, and all Tor servers are identified; This list in fact has them.

I guess this would help as well:

Quote:
Want to block Tor users from abusing your website?
Just copy our Tor blacklist to the . htaccess on your Apache webserver.

[edit]My vote would be to wait until its abused before taking any action.[/edit]

Leg Humper Joined: 11 Oct 2003 Posts: 5997

Tor is a system that can preserve freedoms by anonymity or allow criminal actions being untraceable.
One person's freedom may well be a criminal action in some countries.

I will vote to allow.
Assuming blacklists and banning are applicable for offenders contravening our laws and freedoms on/in here as they are for 'normal' registering members.

I cannot see a use for the defer vote. If we cannot experience then we cannot judge.

Posted: Sat Dec 02, 2006 10:11 pm Post subject:

Farmboy voted to allow...

If a user breaches LBD's AUP then by all means ban them but don't ban them just because they MIGHT break the rules.

If it comes to that then please ensure that farmboy is one of the first users you ban

Butt Sniffer Joined: 09 Nov 2000 Posts: 1883

EdisonRex wrote:
"If you are so paranoid about joining that you have to hide behind a proxy, don't join" is what I am thinking. Maybe I'm being harsh about it though.

If I didn't trust, as much as possible without physically meeting, the folks running the site I wouldn't be here.

I don't think it's harsh, I'ld feel the same way if this was my forum.

Hell as far s i know O could be schizophrenic and everyone on here could be here multiple personalities.

Oh god, maybe I am just one of her personalities too?

Posted: Sun Dec 03, 2006 2:16 am Post subject:

Pros and cons. So lets try and terminate upon failure. Translation: third alternative.

/Akely

Guide Dog Joined: 08 Nov 2003 Posts: 8145 Location: MN

any way that we could require you join from a real IP, and allow existing users to use such services?

As I have tor setup on one of my machines, and have used it through SSH sessions to get out to the web from places that block access to places like LWD and LBD.

Posted: Sun Dec 03, 2006 12:17 pm Post subject:

anglachel wrote:
any way that we could require you join from a real IP, and allow existing users to use such services?

As I have tor setup on one of my machines, and have used it through SSH sessions to get out to the web from places that block access to places like LWD and LBD.

First really good argument I have heard so far for Tor. Good point.

It would require code which I am not interested in having done to the site, to require "real" IP (define "real"). Tor is hardly the only proxy out there.

Posted: Fri Dec 22, 2006 9:53 pm Post subject:

Just as FYI...heres another service to hide your identity:
http://getfakeip.com/

Basically just uses various proxies...and these guys dont have an open list of IPs to use.

Posted: Sat Dec 23, 2006 6:05 am Post subject:

I'm going to vote the third option

It looks like the intent for Tor software is more for safety against all the Spammers that use IP information as a means to Spam others.

Hell I would use it just on the basis of not getting those stupid advertisment pop ups that show you what city you're living in. Mad

Posted: Mon Dec 25, 2006 5:37 pm Post subject:

I have mixed feeling about it, but then you would have to look at blocking all proxies or even some of the up and coming Remote Desktop services like CosmoPod.