this post was submitted on 11 Aug 2023
66 points (90.2% liked)

Lemmy.world Support

0 readers
1 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

Support tickets can be created by sending an email to info@mastodon.world

founded 1 year ago
MODERATORS
ruud@lemmy.world
antik@lemmy.world
sagittarie@lemmy.world
quinten@lemmy.world
66
Please don't block tor (lemmy.world)
submitted 1 year ago by twistypencil@lemmy.world to c/support@lemmy.world
18 comments fedilink hide all child comments
 

I know you all are dealing with DDoS and how that goes. I run DDoS mitigation for some juicy targets and do a lot of on-call response to handle those issues, so believe me when I say I know what you are dealing with.

However, that being said, it appears you are blocking tor exit nodes with a 403, likely at your web termination point (nginx, apache, whatever), and this kind of sucks.

I get that tor can bring some attacks, and I fully support a modulated response to those attacks, preferably one with a reasonable time decay, but please don't just block all of tor

Alternatively, be one of the cool kids, and setup an onion service for lemmy.world!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Puzzle_Sluts_4Ever@lemmy.world 5 points 1 year ago* (last edited 1 year ago) (9 children)

Genuine question: Why would you use Tor to connect to Lemmy?

Tor is an incredibly useful tool to work around organization supported firewalls.

  • Employer: Don't try to work around your employer's protections. It just takes one bored IT person to make a call and you are fired
  • College/Family: There are stronger arguments for this but I suspect you are in a "suboptimal" situation if you are dealing with that and... yeah
  • Government: This is the big use of Tor and why I still generally suggest it, even if I have many concerns with the ethics of the system and its supporters. And let's drill down to that

If you are doing stuff on Lemmy that your government would not approve of: STOP!!! We have stories of twitter and other social media sites outright volunteering information to authoritarian governments while having a CEO spew hate and vitriol on an hourly basis. And those are large companies with at least some degree of oversight.

Lemmy is instances hosted and managed by people in their off time. And you know almost nothing about those admins.

So if you are saying or looking at anything that you would not want the public to know: Do not fucking do it on Lemmy. There is still plenty of user activity that can be used to trace back to you if anyone ever cares enough.

Never underestimate the power of tracking cookies. You may think you are protecting your privacy but... you really aren't. And if you run ALL traffic through tor... you are in basically the exact same boat the moment one tracking cookie has been associated with the Dominos pizza down the street.

[โ€“] FirstMajesticComet@lemmy.blahaj.zone 2 points 1 year ago

The fact that you are assuming someone wants to use Tor on Lemmy to do something illegal shows that you have fallen prey to the idea that Tor itself is illegal or meant for illegal activity, it's the driving force behind many of the pushes to block Tor or even to attempt to extinguish it.

Fact of the matter is Tor is a tool, a tool that like any is not inherently evil or illegal. Tor's purpose also isn't to facilitate illegal activity, its purpose is to provide privacy and anonymity to people who want it. It sounds to me like you have been listening to a lot of those "scary" deep web videos or assuming people use Tor for those reasons and not for legitimate privacy and security reasons, (like for example did you know that Lemmy doesn't proxy images?). This is one thing I really hate about those types of content, they portray the idea of privacy and security as if it's evil or nefarious, or that the idea of hosting your own hidden service is creepy or wrong, it's really gross actually, all for clicks and views, but they push it as if it's real, it's harmful to services like Lemmy which are currently outside of the mainstream and probably are associated with Dark web contend just by virtue of not being Big tech products, for a while I'd heard similar stories about linux too (people talked about how linux is for criminals, glad that one didn't catch on).

TL;DR you shouldn't be assuming that people want to use Tor (a privacy and security tool) for nefarious or evil purposes due to it's reputation with nontechnical people, especially when those people are known for spreading misleading or even wrong information about the subject itself.

load more comments (8 replies)