Re: ietf.org unaccessible for Tor users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm going to express my personal views here, though I believe they're both cogent and sane:

On Mar 15, 2016, at 10:14 AM, Eliot Lear <lear@xxxxxxxxx> wrote:
On 3/15/16 9:20 AM, Jari Arkko wrote:
I don’t have a solution, but I wanted to say that I feel the pain.

It is important that IETF documents are accessible via Tor.

I'll bite: why is it important that IETF documents be accessible via Tor?

Because Tor is another browser - actually several browsers, especially with Orbot meaning that a **lot** of Android users transparently sit behind it - and Tor is being used by a huge number of people.

I have three distinct lines of though regarding this:

= Accessibility =

We have long since left behind the world of "This Website is Best Viewed Using [browser] in 1024x768 Screensize!" - because accessibility is important.  

We don't pick-and-choose what browsers people use to access websites any more, we embrace communication and leave them to render content in their preferred way, from Tor through Chrome to screen-readers.

= Threat Models =

Is it really in your best interests to block people from your website? 

If you're mostly a read-only site - and the IETF site appears to be onesuch - then I would be amazed if a DDoS attack would come via Tor when it would be so much more effective and easier to set up coming from some random Botnet. 

Simple economics suggest that the best way to knock the IETF website offline is to use a Botnet - so if (and perhaps I am wrong) the IETF wants to defend itself against DDoS, to block Tor is to defend yourself against the wrong tuple of (threat, actor) - if Tor is a threat to the IETF website at all.

If IETF was worried about having its content scraped-and-duplicated, yes I could totally see Tor as a risk to the IETF website; but I am not aware of that being part of the IETF threat model, else you'd require logged-in access already.

= Addresses Are Not People =

IP Reputation Systems are (at best) a hint, not a panacea, and we should remember that.  

Elsewhere - to politicians, to activists - I've had to repeatedly explain that "1 IP Address != 1 Human Being", that you can't simply arrest the person who pays the ISP because their IP address apparently downloaded a movie; yet sometimes we are weirdly blind to the inverse, we seem happy to draw red lines* around chunks of internet space and call them "bad places", where only "unpeople" live.

It's not really logical to hold both perspectives firmly and simultaneously - sometimes an IP address is just one person.  And - conversely - behind those red lines drawn on the network map are an enormous number of normal, good people.  Probably more good people than bad.

So why make communication and participation harder for them?

    -a


--
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]