Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 09/27/2016 03:45 AM, Alec Muffett wrote: > On 27 September 2016 at 09:42, Mirimirwrote: > >> On 09/27/2016 01:39 AM, Alec Muffett wrote: >>> On 27 September 2016 at 06:42, grarpamp wrote: >>> In such circumstances they are not actually looking at you / what you are >>> searching for. They are looking at the behaviour of all traffic, of >>> everyone and everything else which emanates from that exit node. >> >> Are they even doing that? It's my impression that they're just looking >> up the IP address in some list that includes all Tor exit relays. But >> yes, I get how that's arguably enough, in that all Tor exits will on >> average look alike. >> > > Exactly, especially since circuits rotate around exit nodes fairly rapidly. > > And eventually someone has to write the code which says "This IP is > emanating bad stuff, but it is currently a Tor node, so just put it on the > naughty step for a few minutes until it calms down, rather than blocking it > for a longer period." That would be an excellent development. So I was wrong. Maybe there is a resolution to the conflict :) Or at least, as long as jerks are a minority among Tor users. > Once someone has done _that_, then the organisation is on the path to > caring about the real people who access the site over Tor, and finding > better solutions. Right. >> I can't imagine any resolution to this. Anonymity is Tor's key goal. >> There are jerks who need anonymity. And there are providers who want to >> exclude jerks. If you want Tor's "anonymity", and you want to evade >> discrimination against Tor users, you need to avoid identification as a >> Tor user. What else? > > > Exactly. This manifests where folk on Twitter complain that "zomg i'm > using the onion site and it's blocked me!" - when in fact some perhaps code > is running - code that someone took the time to write - to learn/remember > that you are a person who logs-in over Tor, that you really are who you > claim to be, and that this is all "okay". > > Otherwise the first time that someone logs-in from a Tor exit node might be > someone using Tor to experiment with your credentials, which they phished > off you via an e-mail, or something. (This is another popular misuse of Tor > from the perspective of the big platforms.) > > It is definitely a _tough_ problem. That is a _much_ harder problem. Because people who want an account, but want to obscure their true identity, don't look that different from people who might have stolen their credentials. Usernames and passwords are easily stolen, so sites have been using cellphone accounts. But in many places, it's hard or impossible to get cellphone accounts that aren't linked to identity. And even when it is, device tracking and poor OpSec render that moot. And India's move to biometrics-based IDs is even worse. I'm a pretty technical guy, and it's been years since I managed to get a Facebook account for a persona. But I see that bogus and stolen Facebook accounts are available in bulk from criminals, marketed to criminals. Or at least, to advertisers ;) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 09/27/2016 07:21 PM, Jeremy Rand wrote: > ... In contrast, almost every time I try to do a Google Search, I get a > CAPTCHA (and if I try to complete the CAPTCHA, I usually fail many times). With Google search, I often get an outright denial of service, even after passing the CAPTCHA and submitting the search request. But then, I'm typically using the highest security setting. So damn, I really miss the Google option in Disconnect :( -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 09/27/2016 06:50 PM, Joe Btfsplk wrote: > Sometimes, they start renewing pictures in the [CAPTCHA] array > that I've already checked, before I get to the end & submit. I > tried doing it faster - they replaced them faster. > Obvious they didn't want Tor users on those types of sites. That CAPTCHA type has become common. The instructions say to keep selecting rivers/address numbers/storefronts until no more appear. There can be many reoccurrences per changing box, even ten or more. But only 2-4 boxes change, and the ones that you don't select don't change. So the whole process goes pretty quickly. It's _much_ easier than those old distorted-character CAPTCHAs :) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
Joe Btfsplk: > On 9/26/2016 11:57 PM, Jeremy Rand wrote: >> If it matters, I usually have Tor Browser in Medium-High security level, >> so Javascript is enabled for HTTPS sites (including Google Translate). >> >> Cheers, >> -Jeremy >> > Yep, mine can be in Med or Med High security, and a lot of captcha's & > other features don't work reliably. Even if allow all scripts for the > page. > Sometimes it does work. > > The times - as a test - I immediately visited the same sites w/ firefox > (immediately going to same site probably isn't a good idea, if strict > anonymity is required) & same NoScript settings -AFAIK, plus had AdBlock > and / or Ghostery running, the captchas or page features usually worked > right away. I'm convinced that sometimes, it's just Tor Browser they > don't like, or certain countries of exit relay, or certain IPa ranges. > I've repeated it enough to know it's not a fluke. > For a fact, I know it's mostly *not* because I incorrectly solved the > captcha, which they often say. > > Sometimes, they start renewing pictures in the array that I've already > checked, before I get to the end & submit. I tried doing it faster - > they replaced them faster. > Obvious they didn't want Tor users on those types of sites. For me, I cannot remember getting a CAPTCHA when visiting Google Translate via Tor Browser in Medium-High security mode. If it's ever happened, it was many, many months ago. In contrast, almost every time I try to do a Google Search, I get a CAPTCHA (and if I try to complete the CAPTCHA, I usually fail many times). So I'm rather surprised to hear that other Tor Browser users are having trouble with Google Translate. Admittedly, I'm not a heavy user of Google Translate, but it sounded like hikki was saying that they were always blocked, which doesn't match my experience at all. I'm really curious if there's some other interesting variable that could explain the discrepancy that we're not thinking of. But given that Tor Browser is intended to be non-fingerprintable, I'd think there shouldn't be any such variables. Strange. -Jeremy signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 9/27/2016 9:57 AM, blo...@openmailbox.org wrote: This is exactly my issue. If I login to my Gmail or FB account then invariably Gmail or FB thinks I am a suspicious person hence "Something seems a bit different about the way you're trying to sign in. Complete the step below to let us know it's you and not someone pretending to be you" or worse "Google couldn't verify it's you, so you can't sign in to this account right now." In the FB case, I am asked to identify my "friends" half of whom have baby photos or the image is unclear.. Sometimes I get them wrong and am locked out for a few hours. And this is when connecting via the FB .onion address. IMO, and I am curious to know what Alec thinks, Google, FB, etc are creating far too many false positives. Googling "Something seems a bit different about the way you're trying to sign in" results in numerous cases where innocent users have been locked out. Two questions: Is there a way that using an exit node for Gmail, FB, etc will not be considered suspicious? Is that even possible? I can't say about Gmail today (I hope you're not trying to use it w/ Tor, hoping for anonymity). But w/ other login sites that balked at Tor, forcing a exit relay in same country that you signed up from, sometimes fixed the messages like, "We've detected unusual behavior... Give us your home phone & address & we'll call you." :D Sometimes even Startpage, DDG, etc. will pop a captcha. I wonder why, until I look at the exit country & it's China or Uzbekistan or such. After I change that to a country less known for cybercrime, no more capthcas on those sites. Is it possible to use a different proxy way to access Gmail, FB, etc without being seen as suspicious? For example, one could use proxychains with Tor followed by a SOCKS proxy to login. Probably depends on the proxy. You could try, but I'm guessing that's what a lot of spammers & scammers try. Gmail has pretty strict rules to try & prevent fraud (keep a good reputation). They don't want to lose many users, or they don't get to scan the email & scrape the private data. Would be financial loss, so they don't want other ISPs or sites blocking gmail. It's hard to sign up for gmail w/ Tor. They want SMS authentication, which is usually going to blow most users' anonymity. By contrast, if you create an acct w/ non-Tor browser, then access it w/ TBB, that accomplishes nothing - as for anonymity. Only creating an acct w/ TBB & then *never* accessing it w/ anything else (& not having addons or plugins that might leak IPa) will accomplish anonymity. For Tor Browser email, it just seems a better idea to start w/ a provider that's both Tor friendly AND privacy / security conscious. That's not google. Even then, I'm not sure. What if you get an email - via TBB, that mentions your real name, or is from someone in your town - using their real IPa - saying, "come on over tonight, to 123 Oak St.," or gives their phone #, etc.? Then the mail provider effectively knows which town you live in, at minimum. The right agencies can then cross reference that person's contacts - if they want. And then probably the national security agency know all that. In both cases above (exit node and exit node plus SOCKS) we assume that the IP address more or less matches the "normal" non-proxy login. I am in Paris and use a Paris exit node and a Paris SOCKS proxy for example. Finally, thanks for participating in this discussion. It is rare to have people who work or used to work at the major webmail and social media companies from a) getting involved and b) providing a nuanced (not anti-Tor) perspective. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 9/26/2016 11:57 PM, Jeremy Rand wrote: If it matters, I usually have Tor Browser in Medium-High security level, so Javascript is enabled for HTTPS sites (including Google Translate). Cheers, -Jeremy Yep, mine can be in Med or Med High security, and a lot of captcha's & other features don't work reliably. Even if allow all scripts for the page. Sometimes it does work. The times - as a test - I immediately visited the same sites w/ firefox (immediately going to same site probably isn't a good idea, if strict anonymity is required) & same NoScript settings -AFAIK, plus had AdBlock and / or Ghostery running, the captchas or page features usually worked right away. I'm convinced that sometimes, it's just Tor Browser they don't like, or certain countries of exit relay, or certain IPa ranges. I've repeated it enough to know it's not a fluke. For a fact, I know it's mostly *not* because I incorrectly solved the captcha, which they often say. Sometimes, they start renewing pictures in the array that I've already checked, before I get to the end & submit. I tried doing it faster - they replaced them faster. Obvious they didn't want Tor users on those types of sites. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] is it me or did tor talk get really quiet?
On 9/26/2016 7:07 PM, Moritz Bartl wrote: On 09/26/2016 09:02 PM, Joe Btfsplk wrote: Some may say they still get several tor-talk emails / day and I do, too. But several current, relevant technical questions I've asked about Tor issues get no comments. Questions I'm pretty sure a lot of people would be interested in. And that at least some advanced users would have partial answers or suggestions for, but not a peep. This is in stark contrast to the past on this list. At times, it almost seems that many knowledgeable people gave up or moved. Need to find where the cool kids are hanging. :) Some of it has moved to more specific lists like https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions and https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays . I know you, Joe, are aware of that, but others who follow this thread might not be so I wanted to mention it. Thanks Moritz. I was aware of some, but not all. I'm a bit confused. The subject matter for tor-onions and tor-relays lists are pretty obvious/./ But the tor-project link says, "About tor-project Moderated discussion list for tor contributors..." [ellipsis is included] /"How do I get permission to post to tor-project@ Just ask. Anyone is allowed to watch, but *posting is restricted* to those that actively want to make Tor better."/ What does "for tor [Sic] contributors" mean, exactly, or "those that actively want to make Tor better?" Is tor-project list not for fairly advanced users, or bug filers, or those giving more to the community than just asking questions (but never contribute useful input)? Or is it only for devs or people providing highly technical input (e.g., providing code suggestions or highly technical bug work arounds, etc.)? Is tor-talk now for the most basic beginner questions / answer / discussion? If still for technical issues and fairly technical people rarely visit it, there may be mostly questions & few answers. Is this partly because on tor-talk, numerous times that unmoderated discussions strayed from Tor issues? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 25 September 2016 at 19:14, Alec Muffettwrote: > An organisation's response to scraping seems typically the product of: > > 1) the technical resources at its disposal > 2) its ability to distinguish scraping from non-scraping traffic > 3) the benefit to the organisation of sieving-out and handling the > non-scraping traffic, rather than ignoring it all > Just to reinforce this a bit, it's not only the biggest/hugest names: Why does @Airbnb not allow connections over Tor? https://twitter.com/dosch/status/777602410978086912 (and thread) I haven't actually tested this "block", nor do I have any special knowledge of Airbnb, but I would expect them to suffer similarly from scraping & spam sourced by people of bad intention who use Tor to hide their tracks. I believe that I suggested "outreach", and perhaps "charm", as being beneficial for turning companies from "victims of Tor" into "evangelists for Tor"? :-) - alec -- http://dropsafe.crypticide.com/aboutalecm -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-friendly email provider
>> https://trac.torproject.org/projects/tor/wiki/doc/EmailProvider > > I don't understand the recommendation of this list for mail.ru > >> BAD will lock your account later when using tor, no anon recovery >> possible > > mail.ru will look my account if I was using Tor and this is recommended > by TorProject.org for Tor user? Hmmm - just because something is on a wiki hosted on tpo it is not necessarily endorsed or recommended by the Tor Project in any way. And since you experienced problems with mail.ru you can easily move it from the "good" section to the other section - it is a wiki after all.. signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 27 September 2016 at 15:57,wrote: > On 2016-09-27 09:45, Alec Muffett wrote: > Two questions: > > Is there a way that using an exit node for Gmail, FB, etc will not be > considered suspicious? Is that even possible? > I feel that there's probably no silver bullet. In some ways this is exactly what Mirimir posted about above - I think there is much (much!) more to Tor than "Anonymity", but the architecture of TorBrowser in particular revolts against long-lived session session cookies and the other technologies which afford strong, trustable, long-term concepts of authenticated communication between a browser and a site. For more about this, the latter half of a video I did at a conference a couple of years ago may be interesting: https://video.adm.ntnu.no/pres/54b660049af94 Summary: authentication is not just binary "I Have A Session Cookie!" any more. Is it possible to use a different proxy way to access Gmail, FB, etc > without being seen as suspicious? For example, one could use proxychains > with Tor followed by a SOCKS proxy to login. > If I understand you right (?) I think that was exactly the reason we/Facebook set up the Onion site. A Tor-sympathetic access mechanism, more likely to be selected by human beings than folk pursuing the scraperfriendly adequate location-anonymity which exit nodes provide. > In both cases above (exit node and exit node plus SOCKS) we assume that > the IP address more or less matches the "normal" non-proxy login. I am in > Paris and use a Paris exit node and a Paris SOCKS proxy for example. > Check the video - it's not just "location". Remember, when working in a London office, employees of non-UK companies often ip-geolocate to being in (eg:) USA, FR, NL, or JP; this _really_ confuses organisations (eg: The BBC) who fee (or are) obligated to take geolocation overly seriously. > Finally, thanks for participating in this discussion. It is rare to have > people who work or used to work at the major webmail and social media > companies from a) getting involved and b) providing a nuanced (not > anti-Tor) perspective. You're welcome! It's nice to share! -a -- http://dropsafe.crypticide.com/aboutalecm -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 2016-09-27 09:45, Alec Muffett wrote: On 27 September 2016 at 09:42, Mirimirwrote: Exactly. This manifests where folk on Twitter complain that "zomg i'm using the onion site and it's blocked me!" - when in fact some perhaps code is running - code that someone took the time to write - to learn/remember that you are a person who logs-in over Tor, that you really are who you claim to be, and that this is all "okay". Otherwise the first time that someone logs-in from a Tor exit node might be someone using Tor to experiment with your credentials, which they phished off you via an e-mail, or something. (This is another popular misuse of Tor from the perspective of the big platforms.) It is definitely a _tough_ problem. -a This is exactly my issue. If I login to my Gmail or FB account then invariably Gmail or FB thinks I am a suspicious person hence "Something seems a bit different about the way you're trying to sign in. Complete the step below to let us know it's you and not someone pretending to be you" or worse "Google couldn't verify it's you, so you can't sign in to this account right now." In the FB case, I am asked to identify my "friends" half of whom have baby photos or the image is unclear.. Sometimes I get them wrong and am locked out for a few hours. And this is when connecting via the FB .onion address. IMO, and I am curious to know what Alec thinks, Google, FB, etc are creating far too many false positives. Googling "Something seems a bit different about the way you're trying to sign in" results in numerous cases where innocent users have been locked out. Two questions: Is there a way that using an exit node for Gmail, FB, etc will not be considered suspicious? Is that even possible? Is it possible to use a different proxy way to access Gmail, FB, etc without being seen as suspicious? For example, one could use proxychains with Tor followed by a SOCKS proxy to login. In both cases above (exit node and exit node plus SOCKS) we assume that the IP address more or less matches the "normal" non-proxy login. I am in Paris and use a Paris exit node and a Paris SOCKS proxy for example. Finally, thanks for participating in this discussion. It is rare to have people who work or used to work at the major webmail and social media companies from a) getting involved and b) providing a nuanced (not anti-Tor) perspective. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 27 September 2016 at 09:42, Mirimirwrote: > On 09/27/2016 01:39 AM, Alec Muffett wrote: > > On 27 September 2016 at 06:42, grarpamp wrote: > > In such circumstances they are not actually looking at you / what you are > > searching for. They are looking at the behaviour of all traffic, of > > everyone and everything else which emanates from that exit node. > > Are they even doing that? It's my impression that they're just looking > up the IP address in some list that includes all Tor exit relays. But > yes, I get how that's arguably enough, in that all Tor exits will on > average look alike. > Exactly, especially since circuits rotate around exit nodes fairly rapidly. And eventually someone has to write the code which says "This IP is emanating bad stuff, but it is currently a Tor node, so just put it on the naughty step for a few minutes until it calms down, rather than blocking it for a longer period." Once someone has done _that_, then the organisation is on the path to caring about the real people who access the site over Tor, and finding better solutions. > I can't imagine any resolution to this. Anonymity is Tor's key goal. > There are jerks who need anonymity. And there are providers who want to > exclude jerks. If you want Tor's "anonymity", and you want to evade > discrimination against Tor users, you need to avoid identification as a > Tor user. What else? Exactly. This manifests where folk on Twitter complain that "zomg i'm using the onion site and it's blocked me!" - when in fact some perhaps code is running - code that someone took the time to write - to learn/remember that you are a person who logs-in over Tor, that you really are who you claim to be, and that this is all "okay". Otherwise the first time that someone logs-in from a Tor exit node might be someone using Tor to experiment with your credentials, which they phished off you via an e-mail, or something. (This is another popular misuse of Tor from the perspective of the big platforms.) It is definitely a _tough_ problem. -a -- http://dropsafe.crypticide.com/aboutalecm -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 09/27/2016 01:39 AM, Alec Muffett wrote: > On 27 September 2016 at 06:42, grarpampwrote: >> So sorry... when I search 'keyboard controllers' and get >> captcha'd, so far I'm thinking, "really?, such low tolerance?, >> you're full of shit". >> > > I understand that perspective, but again that's looking at the "tail > wagging the dog". > > In such circumstances they are not actually looking at you / what you are > searching for. They are looking at the behaviour of all traffic, of > everyone and everything else which emanates from that exit node. Are they even doing that? It's my impression that they're just looking up the IP address in some list that includes all Tor exit relays. But yes, I get how that's arguably enough, in that all Tor exits will on average look alike. I can't imagine any resolution to this. Anonymity is Tor's key goal. There are jerks who need anonymity. And there are providers who want to exclude jerks. If you want Tor's "anonymity", and you want to evade discrimination against Tor users, you need to avoid identification as a Tor user. What else? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 27 September 2016 at 06:42, grarpampwrote: > On Sat, Sep 24, 2016 at 10:21 AM, Alec Muffett > wrote: > > [scraping} > For some reason I view that as a copout. > You know, I would never phrase it that way, but in some respects I agree with you. I'll explain... I mean, provide real data showing that it's intolerable and > I'll say yes with you. Otherwise google [et al's] infrastructure > can surely handle it (the load), and even possibly intelligently > defend against it. > It's not right to conflate: "their infrastructure can surely handle it!" ...with: "they cannot be bothered to sort the wheat from the chaff!" ...but the latter is a lot closer to the truth than the former, and I find it regrettable. Let's do some back-of-the envelope maths: I have no idea of Google's statistics but if 1 million people use Facebook over Tor, and Facebook serves 1.7 billion people, then the Tor-using population of Facebook is about: ( 1 million / 1.7 billion ) * 100 = 0.06% (rounded up) ...of the userbase. To put this into context, imagine a vacuum cleaner, and a bag of dust it in is about 1.5kg / 3.3lbs; then put a single grain of rice into the bag (1/64g) - ( 1 / ( 64 * 1500 ) ) * 100 = 0.001% So globally per capita, the overall percentage of people who use Facebook over Tor would be about 60 grains of rice. That's about a teaspoonful of rice in a vacuum cleaner. Have you ever vacuumed-up a teaspoonful of dropped rice and not bothered to pick it out of the bag? You have to really _care_ about that rice, care about those users in order to want to do that. It's not economical behaviour. But the situation is actually _worse_ than this, because the vast majority of "legitimate" traffic does not pass through Tor en-route to Facebook or Google, most of it is via apps, or via direct browsing. When you're dealing with the traffic which emanates from Tor's exit nodes the relative percentage of dust (scraping & spam) to rice (legit people) increases greatly. I don't know the numbers - 10x, 100x ? - it will vary from platform to platform, and (as stated before) FB will have a slightly easier time of it because of the richer signals from login credentials. It might be 6 grains of rice in a vacuum cleaner. or 1 grain. Or less, depending on the platform. So to convince people who work at companies of the value of hunting for and recovering these grains of rice, you have got to make them _care_. So sorry... when I search 'keyboard controllers' and get > captcha'd, so far I'm thinking, "really?, such low tolerance?, > you're full of shit". > I understand that perspective, but again that's looking at the "tail wagging the dog". In such circumstances they are not actually looking at you / what you are searching for. They are looking at the behaviour of all traffic, of everyone and everything else which emanates from that exit node. They are mostly looking at a bag of dust, not at your rice-grain legitimate search. And if you want to make them care about that, and if you would like them to do better, my first tip is not to go around telling the (say: Google) engineers that they are "full of shit". It's a human thing. It tends to make people upset and not listen. I would love for Google and CloudFlare to do better in this space. CF did at least _try_ with a crazy proof-of-work scheme (which is a popular way of identifying scrapers, btw) but that's a category error because Tor is a network stack not a browser-access-solution. But the Tor activist community just totally savaged CF, with the entirely predictable result of both sides hunkering down into a war of attrition. Let's not repeat that? -a -- http://dropsafe.crypticide.com/aboutalecm -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk