by jbentham 1589 days ago
4 comments

Tor is used for shady practices, just like proxies of old. SE has a lot of measures in place already to prevent shady practices. If 90% of traffic from Tor exit nodes is shady, why shouldn't they block Tor entirely?

If you access any website through Tor (or proxies) you're already more suspicious than the average user. If enough people cause trouble through Tor exit node IPs, it's only natural they get blocked.

Actually, there is no evidence that Tor is any shadier than the rest of the Internet, especially given that most attacks and vandalism originate from botnets and other compromised systems, not Tor.

Akamai published an analysis that affirms this:

https://web.archive.org/web/20170317110115/https://www.akama...

Great resource, a surprisingly clear and detailed introduction to the various attacks faced by websites!

The relevant part:

> "we concluded that approximately 1 in 380 http requests coming out of Tor is verified to be malicious, while only 1 in 11,500 http requests coming out of a non-Tor ip were verified to be malicious. In essence, an http request from a Tor ip is 30 times more likely to be a malicious attack than one that comes from a non-Tor ip."

Because 'shady' traffic does you more or less no harm, unless your web application executes arbitrary untrusted input?

For a serious site, the cost of allowing passive reading is going to be ~0.

Pure propaganda. I used to work at a top five web site, Tor never caused us any problems, our problems were 1) hacked university accounts from eastern Europe 2) China 3) Russia 4) super-fans trying to download every video and picture of their favorite porn star at once.

We occasionally had people upload child porn, they did it over the public internet and not Tor, our lead counsel was a former US district attorney, his hobby was doxing the uploaders and providing all the evidence and information to the authorities in a "ready to prosecute" package. I forget the exact number but I think he got almost a dozen people prosecuted and jailed.

I think it’s more like Tor traffic is 99.9999% less profitable.

“Legit” users likely block ads, are unlikely to enter their credit card numbers because of MITM shenanigans and it’s one of the few browsers that takes non-fingerprintability of its users seriously.

If by 'accountability' you mean the ability for site ops to unilaterally de-anonymise Tor users, then no; Tor users will never agree to that.

If SE executives are really concerned about spam and vandalism by anonymous actors, then SE could Tor users to post assets in escrow (e.g. Monero) before posting. Similarly, if SE executives are concerned about denial-of-service attacks, then SE could rate-limit the sites that are causing the attacks; Tor is not efficient for that kind of attack anyway. There is no sound argument that blocking Tor entirely would further the interests of SE users.

A site looking to grow its influence would be more concerned with attracting new users than repelling them. This is the act of a monopolist in secular decline.

Not deanonymise, no.

Come up with a way for siteops to block someone and all their sockpuppet accounts, without knowing the underlying identity, and you’ll become a billionaire.

Without that, the only option we have today is deanonymization, which is a terrible option. We ought to do better.

It's really just a matter of balancing the difficulty of creating a new "identity", so that legitimate users can occasionally use multiple identities to partition their traffic and make it harder to get doxxed, but are still deterred from creating identities cheaply to engage in sybil attacks or escape blocks. There are various ways of committing real-world resources to an identity to deter such abuse. Actual meatspace identity is of course one way of doing this, but there are probably others.

That’s all plausible sounding, but no one’s connected the dots and done it yet. We’re still at “step 2: ???”.

What you are assuming is possible is a logical contradiction. To be able to recognise two persons as being the same is in fact the definition of de-anonymisation. Please check your math.

It is not a contradiction. See https://en.wikipedia.org/wiki/Zero-knowledge_proof as a somewhat similar example.

I'm not restricting my considerations to "the technology that is implemented and available to Tor users today", given that what's available neither meets the needs of sites, nor the needs of users. If you think that the idea is inappropriate, please state so and make your case for why you believe in your viewpoint. If you think that the idea is impossible, please note why you believe that — and then consider the idea as if it were possible.

This is not the spam or vandalism counter-measure, those work differently and only block posting to the sites. And you can avoid them if you establish a reputable account, they won't affect you anymore then.

If it is not to block spam, or vandalism, or denial-of-service attacks, then what is the purpose of this new policy?

To your other point, how can one establish a 'reputable account' if it is not even possible to access the site in the first instance?

Reputation is a feature of identity. Tor users are, by definition and intent, unidentifiable. Opting out of identification naturally opts one out of reputation, as is the case in reality as well — for example, Anonymous using Guy Fawkes masks to prevent reputation from being associated with their citizenship identity.

I don’t understand why Tor users would be interested in reputation at all, given the implicit identification it requires.