Griffin Boyce writes: > I'd recommend reaching out formally (perhaps to privacy@ ?) and > proposing a whitelist or other special consideration for Tor users.
It seems obviously crazy to me for Twitter to prevent people from accessing it over Tor, both in light of widespread censorship of Twitter on different networks and in light of governments' attempts to find out where users of services are connecting from. On the other hand, if a service is viewing anomalous originating IP address as an indicator of compromise, then using Tor destroys that information source. For example, if Twitter whitelists Tor exit nodes and says that connecting from them is never viewed as suspicious, then anybody who knows this and compromises a Twitter user's account can just use the stolen account over Tor and never get detected or blocked. I guess there are some people who try to compromise Twitter accounts who wouldn't learn about this policy and take advantage of it, but that seems like a significant assumption. So, should Twitter just stop enforcing the compromise detection entirely when users connect via anonymity services? It seems like that would significantly undermine the compromise detection. One alternative idea is to have a flag on people's accounts that says "OK to connect via anonymity services"; then a question is how people can get that flag (ideally, without getting the account blocked even once) and how someone who hijacks an account can be prevented from setting the flag maliciously. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
