Roger Dingledine commited on 2006-05-26 18:46:51
Zeige 1 geänderte Dateien mit 28 Einfügungen und 13 Löschungen.
... | ... |
@@ -239,18 +239,33 @@ them and explain about Tor and Tor's exit policies. </p> |
239 | 239 |
<a id="Bans"></a> |
240 | 240 |
<h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3> |
241 | 241 |
|
242 |
+<p>We're sorry to hear that. There are some situations where it makes |
|
243 |
+sense to block anonymous users for an Internet service. But in many |
|
244 |
+cases, there are easier solutions that can solve your problem while |
|
245 |
+still allowing users to access your website securely.</p> |
|
246 |
+ |
|
242 | 247 |
<p>First, ask yourself if there's a way to do application-level decisions |
243 | 248 |
to separate the legitimate users from the jerks. For example, you might |
244 | 249 |
have certain areas of the site, or certain privileges like posting, |
245 |
-available only to people who are registered. You could set up this |
|
246 |
-distinction only for certain IP addresses such as Tor exit nodes. This |
|
247 |
-way you can have multi-tiered access and not have to ban everything. </p> |
|
248 |
- |
|
249 |
-<p>Second, consider that thousands of people use Tor every day to protect |
|
250 |
-against data-gathering corporations like Doubleclick while going about |
|
251 |
-their normal activities. Others use Tor because it's their only |
|
252 |
-way to get past the restrictive firewalls at their school or other |
|
253 |
-organization. Some Tor users may be legitimately connecting |
|
250 |
+available only to people who are registered. It's easy to build an |
|
251 |
+up-to-date list of Tor IP addresses that allow connections to your |
|
252 |
+service, so you could set up this distinction only for Tor users. This |
|
253 |
+way you can have multi-tiered access and not have to ban every aspect |
|
254 |
+of your service. </p> |
|
255 |
+ |
|
256 |
+<p>For example, the <a |
|
257 |
+href="http://freenode.net/policy.shtml#tor">Freenode IRC network</a> |
|
258 |
+had a problem with a coordinated group of abusers joining channels and |
|
259 |
+subtly taking over the conversation; but when they labelled all users |
|
260 |
+coming from Tor nodes as "anonymous users," removing the ability of the |
|
261 |
+abusers to blend in, the abusers moved back to using their open proxies |
|
262 |
+and bot networks. </p> |
|
263 |
+ |
|
264 |
+<p>Second, consider that thousands of people use Tor every day simply for |
|
265 |
+good data hygiene — for example, to protect against data-gathering |
|
266 |
+advertising companies while going about their normal activities. Others |
|
267 |
+use Tor because it's their only way to get past restrictive local |
|
268 |
+firewalls. Some Tor users may be legitimately connecting |
|
254 | 269 |
to your service right now to carry on normal activities. You need to |
255 | 270 |
decide whether banning the Tor network is worth losing the contributions |
256 | 271 |
of these users, as well as potential future legitimate users. </p> |
... | ... |
@@ -259,10 +274,10 @@ of these users, as well as potential future legitimate users. </p> |
259 | 274 |
services that aggregate many users behind a few IP addresses. Tor is |
260 | 275 |
not so different from AOL in this respect.</p> |
261 | 276 |
|
262 |
-<p>Lastly, please remember that Tor servers have individual exit |
|
263 |
-policies. Many Tor servers do not allow exiting connections at |
|
264 |
-all. Many of those that do allow some exit connections might already |
|
265 |
-disallow connections to |
|
277 |
+<p>Lastly, please remember that Tor servers have <a |
|
278 |
+href="#ExitPolicies">individual exit policies</a>. Many Tor servers do |
|
279 |
+not allow exiting connections at all. Many of those that do allow some |
|
280 |
+exit connections might already disallow connections to |
|
266 | 281 |
your service. When you go about banning nodes, you should parse the |
267 | 282 |
exit policies and only block the ones that allow these connections; |
268 | 283 |
and you should keep in mind that exit policies can change (as well as |
269 | 284 |