> The thread so far seems to be regards "People who use Browsers over
> Tor have problems accessing IETF because CAPTCHA from IETF's Hosting
> Provider".
i would add
cloudflare breaking what should be end to end encryption opens the
user to a mitm. no, i am not saying cloudflare are bad folk. but,
for example,
o they could be served with a fisa order to see my traffic
o they could be served with a fisa order to serve subtly different
documents to queries from <name your favorite regime>
o and all the other problems of having monkeys in the middle
in these more privacy conscious days, we should be setting an example
of how our own technology (and those of our friends in other sdos)
can be used to maximize privacy and integrity. client blocking,
discrimination, and breaking e2e encryption are not what i consider
nice examples.
my threat model for our data and services is much more about integrity
and privacy than availability. i.e. i will put up with some degree of
ddos (after all i read this list:-) to be more assured that i am getting
an unaltered copy of rfc1925 and no one else knows i am reading it.
as with anything else, this point can be stretched to extremes that are
silly; no i probably will be unhappy with a one week outage. but what
attacks have we actually experienced? i know what we, a backbone isp,
get, and they're tens of g/s. but does anyone throw gigs at
datatracker?
and another of my lives is as a measurement researcher. so please spare
me "most of tor traffic is malicious" without citation, or the rfc
archive gets a 50g ddos every few weeks without actual measurement.
The plural of anecdote is not data.
-- Roger Brinner, economist
The plural of anecdote is not evidence.
-- Bill Lockyer, California Attorney General
randy