> Andrew Sullivan wrote : > yet we need to do something about the attacks against the IETF sites, which have been painful and which we need to be prepared to handle. About a month ago, I did a quick analysis on Tor exit nodes and found that about half of them are on a blacklist of some kind. I am not assessing the validity of the various methodologies used to blacklist the addresses, I'm just counting beans. The captcha mentioned earlier is a middle way, as some organizations go further and block Tor entirely. Call it profiling all you want, it's no different than a spam blacklist : it's IP reputation; being a Tor exit node does carry a burden in the metric used to assess the reputation and therefore the threat potential. If it looks like a duck and quacks like a duck, some people are going to wonder if it's a duck. I'm not judging here, I'm just looking at numbers. > No brilliant suggestions here, just questions. None here either. Regrettably, some guys out there are using Tor for bad purposes, it also is a foregone conclusion that some of the attacks carried over Tor are part of the equivalent of a joe-job. Trolling about Tor being blocked does not help, though. Here is the challenge for the brilliant minds in here : make it so it preserves the anonymity of people who genuinely need it, but stop it from being an attack vector. It means cleaning up when it enters the system, instead of having users cleaning when it exits the system. Michel.