On Tue, Sep 27, 2016 at 3:39 AM, Alec Muffett <alec.muff...@gmail.com> wrote: > So to convince people who work at companies of the value of hunting for and > recovering these grains of rice, you have got to make them _care_.
I want to see more than one overlay network with "exit" feature, Tor is a singular easy target painted on the back of the internet. I want more people on them, and by default. > community just totally savaged CF, with the entirely predictable result of The blurry cowspot impossible repetitive "trtruullm yrtllmnnr" captchas set themselves on fire for that, no community needed. CF and non-login Google search, etc are network based. Yes that's harder. But at least let my cookie roam the net, and only kill it when you subsequently see it doing bad, not just for roaming. And for account based services, I expect far more... We want the accounts, without phone. Then I want graduated service enablement based on human pattern heuristics... participation, length of time, kbd / click data, backoffed captcha intervals, bitcoin deposit with automatic return schedule, user realness ratings by other users, etc. These have real and rather unprogrammable / rising costs to illegitimate users / bots. For such services, I want canceling of accounts, not canceling of IP's. [Another silly example... a site that denies credit card via tor (well, that's plausible, sortof, barely, not), but then also offers and denies bitcoin payment via tor too. Just because they didn't think or bother to put in the extra two lines of code to permit the latter. (Or they laughably think they need to know provenance of coin to kiss regulation that doesn't exist.)] The top sites in every category all have staff and budget that could implement some levels of this, they just don't. Because in my opinion, they don't give a shit. Their brains, singularly and collectively, are programmed to be and act negatively "how can we reject", not positively "how can we include". How can we design / buy / sell hardware and software to exclude and block. Etc. Which also means they don't tend to listen to users. Or bother with nice things like "hey you're one of 500 accounts we nuked via IP, if we got you wrong, login here and tell about it". It's old school top down kill focused and at the earliest stage. We should be seeing a mentality change with the latest generation of web. After all, tor vpn etc exists now. Yet I wonder if we are. If not, it needs changeing. They need insider people (the Alec's) at their insider corporate conferences and roundtables telling them real users / anons of anon / real / vpn / wifi networks, and some solutions exist. > both sides hunkering down into a war of attrition. > > Let's not repeat that? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk