Talking w/local service CEOs [LJ, goog...]

grarpamp grarpamp at gmail.com
Mon Dec 21 11:48:42 UTC 2009


> In most cases, they come to us to ask how they can handle the
> jerks without punishing everyone. This implies they see value in
> Tor.

This is quite interesting response. The second sentence of which
indicates the 'everyone' is Tor, being seen in two categories, jerk,
nonjerk. Not everyone as in their entire userbase. Interesting is
they came to Tor to segregate that. Thought they would just ask how
to nuke it all and move on. It's pretty awesome various people
are getting out and actually talking with each other!


> Something more automated, like nymble, may be a boon to more
> acceptance of Tor (http://www.cs.dartmouth.edu/~nymble/).

Briefly reading their docs. Looks like another brokered system.
Problem is the PM's and NM's are run by the same third party.  That
party has all the data needed to de-anon you at the request of the
site or other entities. Even if the roles are split across parties
it is still much weaker than Tor. And they quote:

"Nymble's main goal is to protect users' privacy with respect to
the servers they connect to: Client's IP addresses are anonymous to servers.
Clients must trust Nymble to provide this anonymity against servers."

Further, it can't deal with multiple users behind say, corporate,
university and cafe nats. And it DHCP environments could be a mixed
bag of time delays after getting stuck with the jerks old ip address.

It still has a place though, but hopefully not an exclusive one.
The time forgiveness is nice.


> I believe these are automated systems blocking posts or such, and
> not targeted at Tor itself.

If this refers to Craigslist, it seems that yes, sometimes it will
throw up an automated blocked-392242xxx at craigslist message upon
viweing.  As for posting, they tend to silently sink posts somewhere
in the positng process before it actually makes it into the listings.
My testing seems to say that some large fraction of the exit nodes
are blocked in this silent fashion.

I think Craigslist is in dire need of systems programming help and
a good bit of creativity. Their flagging system can be leveraged
much more effectively. And they can definitely reap some good wins
with throwing both their posts and inbound mail through the equivalent
of DSPAM. And they do really stupid stuff like putting the email
links in the personals section behind captchas but leave the rest
of their site links open. I'd leave it all open and DSPAMify it.
With all the spam posts they have, there's actually benefit in
allowing geeks to automate their LTR searches and replies :)

In Canada, plentyoffish seems to block new account creation via
tor. Usage works ok, unless you roam outside minimally the USA,
then you get auto nuked.

Google also blocks new accunt creation. Honestly, I don't have much
faith in google anymore. With all their brainpower they really have
no excuse for throwing up SMS as a way to combat their publicly
stated primary reason for doing so in their FAQ's... spam prevention.

Facebook seems ok.

Hate Ebay so can't comment.
Don't know much about identi or LJ.

Though agreed, absent statements from them all as to what they're
doing to combat and assist behind the scenes, it could be just the
Tor IP's being unlucky in the game of permanent whack a mole. As
opposed to targeting Tor specifically. I'll give that maybe 50/50
odds.

> I think the more enlightened a company is about handling privacy,
> the more their userbase will trust them.  I'm more likely to use
> a company if they say they respect my privacy by allowing me to
> use Tor

Absolutely agreed. I've read dozens of corporate privacy policies
end to end and they all have a numerous cop outs in them that give
me no reason to trust them. Particularly in regards to 'those third
parties which provide services to them so they can serve you'
clauses.

The more restrictive/closed about how their services are used and
their internal policies and practices, the less kudos they earn.

I would not be suprised at all if there are third party shells
backed by very large black orgs whose purpose is to vacuum up,
correlate, and rebroker the social data space... based entirely on
similar cop outs or plain old under the table dealings. Blacker
versions of Intelius, Axciom, Google and the credit bureaus come
to mind.

Happy socializing, suckers ;)


> If someone wants to help coordinate a lunch or some meetup; there
> are Tor people that can show up to help.  I've been impressed by
> some of the presentations others have done about Tor, online
> privacy, anonymity and why this matters, all over the world.

Local linux/bsd/win/mac/2600/cissp/infragard/etc user groups also
come to mind as both source and sink for Tor related outreach.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list