[jeremysmyth]

Tor can be used for good and for bad. It's the very same problem that Cory Doctorow talks about in his lectures about the War on General Purpose Computing, and it's not an easy problem to solve.

I'm an admin on a social/gaming site (a MUD with appendant forum, blogs, and other community elements), and we have had to make a few decisions about Tor in the last couple of years.

Some background: the site is quite old, and we have historically encouraged users to sign up without needing to provide a unique ID such as email address. They can provide one, but don't have to. In the last few years we have had the problem of occasional griefers log on and cause whatever social havoc they can.

Now, my personal feelings about Tor are generally quite positive, and I like the freedoms it provides people who are otherwise restricted by their ISPs or governments from accessing legitimate resources. Like many others have said, Tor is a tool that, while it can be used to do illegal things, is also used to provide a very useful service to people who need it to get on with things you and I take for granted.

Now, back to our griefers: We have a number of banning mechanisms based on IP or domain, and they tend to be successful because griefers usually get bored when they can't access the site for a couple of hours. However, because a tiny minority of griefers are more persistent, more technically adept, and figured they could use Tor to damage our community, we did a little bit of analysis and found that few if any legitimate users of our site came from Tor exit points, and we chose to block them. The alternative was to require a unique identity during the sign-up process, and frankly we wanted as few hurdles as possible to new users (anyone who knows the MUD community knows that it's in decline, and low-friction signups are pretty desirable). So we blacklist Tor exit points from our signup process. The unfortunate fact is that some Tor users do bad things with the fantastic tool at their disposal, and end up spoiling it for the legitimate (and extremely valuable) use cases that make it such an amazing tool. Yet its very anonymity means that there is no easy way to allow one set of uses while disallowing others. This is a hard problem, and one I'm not smart enough to solve.

[mst]

Assuming you have the technical capability, requiring an email address and confirmation for only tor users could work.

Freenode does something similar - tor and other problematic traffic sources can connect but must use connect time SASL to authenticate to a previously created account, which is sufficient to exclude the vast majority of the griefers.

[bigiain]

At least right now – I suspect the intersection of "TOR users" and "people happy to provide email address confirmation" is so small as to be insignificant. Any development effort aimed at that cohort could almost certainly be better used elsewhere.

Having said that, I'm currently trying to make a point of using TOR for regular and mundane uses - particularly if using government sites - just to increase the amount of "legitimate" tor traffic. I'm also (carefully) intentionally de-anonymising myself while using tor like this - identifying myself to local government websites while doing "ordinary" things while connected over TOR - I booked an extra trash collection recently for example. I don't suppose my local council website managers even notice, but I like to think my local PRISM equivalent operators see traffic like this and think "WTF?" ;-)

(But like the parent-poster, I've suffered forum-trolls, and given the time and skill poor nature of most forum owners, the obvious "just ban free email accounts/tor/cellular-ip signups" is often the right, if overly broad hammer.)

[kbuck]

FreeNode's use is a bit more extensive than just requiring an email address - you have to create the account from a non-Tor IP, so if you do something bad and get banned, they ban the account (thus preventing further access from you via Tor) and then also have the option of banning the IP that registered the account (preventing it from registering further accounts that will be abused via Tor). If they really want to, they can also ban the email address, but in practice this really isn't worthwhile as it's so easy to get a different one.

[Tuna-Fish]

What good would email address confirmation do? You do know about mailinator, right?

[JohnTHaller]

Most sites that have issues with trolls and find IP blocks insufficient can also block on mailinator and similar domains.

[Tuna-Fish]

No, they attempt to block similar domains. And completely fail at it.

I never use my main email for anything I don't feel requires it, and while maininator.com is often blocked, I've never in my life had to refresh the mailinator page more than twice for an alternate domain that works. Since mailinator accepts email from any domain that has it's MX record set to it, if you own a domain you can set it to be an alternate name to mailinator in seconds. Enough people have done this.

[JohnTHaller]

There are tons of lists that are regularly updated that list all published mailinator.com domains. While it's true you can set up a new one on a subdomain of your own, as soon as you publish it to mailinator and it enters the rotation of the domains that come up, it's easily added to the lists and blocked. There's even a commercial live list with plugins for most email systems that blocks on any of the hundreds of mailinator-listed domains as well as over a thousand other disposable email domains.

Heck you can just write a script to refresh the mailinator.com homepage to start pulling out domains to block: @veryrealemail.com, @chammy.info, @mailinator2.com, @spamthisplease.com, @sogetthis.com, @mailinator.net, @binkmail.com, @sendspamhere.com, @spamherelots.com, etc.

[devicenull]

No, it's actually super easy to block it if you're clever enough ;)

[Tuna-Fish]

Could you point me to a site that does successfully block it?

[rogerbinns]

> We have a number of banning mechanisms ..

Did you try the other approach taken by many sites of making their posts/activity hidden from others? Initially they can't tell the difference between being ignored and being hidden. It also has the advantage that if they were incorrectly hidden you can turn it off and their activity is still present.

[jeremysmyth]

We did this for social contact (channels, forums, and other forms of communication) for a while, but because it's a MUD, it's a shared world with persistent effects, so it's impractical to make all activity invisible. Blocking social communication just resulted in other forms of griefing as a result. Griefers gonna grief.

[whatusername]

Could you spin up a griefer instance of the MUD?

So all they interact with (and can disturb the world of) is other griefers?

[im3w1l]

I think the problem with Tor is that it makes it very easy to create multiple pseudonyms. Fwiw, the approach used to combat spam successfully on freenet based fora, is to artificially increase the effort. This can be done by not activiting an identity for x hours, or requiring that users solve n captchas on signup.

[pyre]

If you provide access to the website as a Tor hidden service, do you get some sort of unique ID for the computer connecting that can be banned? I don't know much about the Tor protocol, but if you're on the receiving end of packets that need a response, you need a way to address them back.

[mike-cardwell]

No, you do not get any such thing.

Basically, the client and the machine hosting the hidden service both connect to a rendevouz point and communicate via that. The connections to the rendevouz point are not direct. They are bounced through three nodes, with three layers of encryption, each node being able to peal off one layer before passing it on to the next.

This is why hidden services are pretty slow. Every packet has to be routed through 6 other machines, which each can be anywhere in the World.

[visarga]

It's bearable. I avoided Tor for years thinking it would be too slow. My mistake. You can even watch YouTube on it.

[mike-cardwell]

There is enough bandwidth. It is latency that is the problem. That's why stuff like streaming videos or downloading large files over hidden services works fine.

[lsakdfjow]

What must be done, and by who, to solve the latency issue? Can it be improved at all? It seems that more folks rnning relays and contributing bandwidth increases available bandwidth, but what can be done about latency, anything at all?

[mike-cardwell]

Somebody put it well on the tor-talk mailing list today:

"both the client and the hidden service establish a three hop circuit to the same tor relay, where the connections are joint, so hidden services will have even double the delay of normal tor traffic. If relays were homogeneous distributed among the globe, two random relays will be 1/4 earth circumference apart on average. This means that a round trip will have a speed of light delay of 12 hops * 10 000km each / 300 000 km/s speed of light. That's 400ms from finite speed of light. Switches, routers and relays along the way will add to that."

[supergirl]

Doesn't matter if his website is a hidden service or not. The communication between the website and the user is done through Tor relays, which are shared. There cannot be any unique ID tied to the user because that would break anonymity.

[pyre]

> Doesn't matter if his website is a hidden service or not.

Well, when it's not a hidden service, it's the exit node that gets to see the contents of the message before sending it (unless it's SSL of course) to the wider Internet. If there was a unique ID within the Tor network, no one on the wider Internet would be able to see it. My thought was that if you were connecting directly to a hidden service within the Tor network, there might be a unique ID. Sounds like even connecting to hidden services within the Tor network is done indirectly.