Having the proof of work defense has been a game changer for the network. I've noticed a hell of a lot less unresponsive onion services. However, this is old news as it was released last August. Most everybody should have a version capable of doing the proof of work by now.
this post was submitted on 27 Sep 2024
121 points (99.2% liked)
Privacy
42924 readers
923 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
That's why I posted it. It has been rolled
I wish more companies understood that Onion Services have excellent protection from DoS attacks.
You don't even have to give away your keys to CloudFlare. Just get trigger happy with IP blocking and tell users to use the Onion address to bypass any blocks.
Honestly that's not a terrible idea (assuming the target audience knows about Tor)
Most of the people who get blocked are going to be tech savvy. Except maybe someone computer illiterate at a Uni
no offense, but that's old news as of august of last year. But yea this has been a big game changer for hidden services that were under constant DDoS, such as the Dread forum.
This is a year old. But please do notify me when its available in the default Debian repos.
Could be good, but be aware that it doesn't bother the real users. Continue working! 😃
RIP EndGame
PoW? Really?
It’s not like it’s going to consume electricity like Bitcoin.
PoW was first conceptualized as an anti spam method. It’s just a little overhead to make it expensive to make DOS attacks. This makes perfect sense.
It will, but that's the point. Costing money
What do you think PoW was created for. This is exactly the use case of PoW -- to reduce malicious traffic. It works great!
Though if an attacker has an ASIC he can single-handedly dominate the whole pool of other users as ASICs are tremendously more efficient than CPUs
Depends on the hashing algorithm. Tor implements two, and neither are vulnerable to custom architectures like ASICs
Good
Still a better use of the electricity than Ai.
At least it appears to be something that gets triggered. In theory, if a node is not under attack or heavy usage, this isn't a consideration. Doesn't seem to be a perfect solution as it still slows the traffic of legitimate users in the event of an attack. I don't know the full details, but in the worse case it makes it easier to semi-DoS, maybe not by fully making a node unresponsive, but by making the service so painfully slow that users may give up on it.
Only for those users who do not have proof of work capability, they get put at the back of the line, but anybody with proof of work capability, which was released last August, will do the work and be put higher priority. I know some people who run seed nodes for Haveno-reto and they had major DDOS issues until they got PoW enabled. It was taking like 5 or 10 minutes to get connected to the network. And now it takes about 30 seconds.
What else would they do?