I know you all are dealing with DDoS and how that goes. I run DDoS mitigation for some juicy targets and do a lot of on-call response to handle those issues, so believe me when I say I know what you are dealing with.

However, that being said, it appears you are blocking tor exit nodes with a 403, likely at your web termination point (nginx, apache, whatever), and this kind of sucks.

I get that tor can bring some attacks, and I fully support a modulated response to those attacks, preferably one with a reasonable time decay, but please don’t just block all of tor

Alternatively, be one of the cool kids, and setup an onion service for lemmy.world!

  • twistypencil@lemmy.worldOP
    link
    fedilink
    arrow-up
    6
    arrow-down
    4
    ·
    1 year ago

    Defend yourself against tracking and surveillance. Circumvent censorship…

    Governments use the internet for social control, through both surveillance and censorship. Many countries, such as China, Iran, and even the United States practice active surveillance of the social relationships of everyone. They then sell that data to companies, and then that data gets sold to the US government to work around 4th amendment protections (https://www.wired.com/story/odni-commercially-available-information-report)

    Internet service providers happily cooperate with government repression, they practice intrusive monitoring of your traffic through deep packet inspection, they track your DNS usage, and they get people thrown in jail, expelled from school, or banned from the internet, sometimes just for ‘copyright infringement’.

    Corporations have discovered how to make money from the internet: surveillance. By tracking your online habits, advertising companies build detailed profiles of your individual behavior in order to better sell you junk, Every single major internet ad company now uses behavioral tracking.

    Tor isn’t the only way to get around these things, but it is one tool in the arsenal. The fediverse is a step in the right direction, and the fact that I can run my own lemmy is a huge plus, which is what I probably will be doing if lemmy.world continues to block Tor, but that is a selfish solution, and doesn’t help my friend’s in countries with restrictive internet.

    I’m not interested in stopping doing stuff on lemmy because the government doesn’t approve of it. Political repression doesn’t mean I should also be profiled or have my speech restricted. I want to be able to help people find abortion support in my state, where it is illegal, and I want to do that without worrying about ending up in some kind of purge list because the GOP becomes full fascist sometime in the next couple years.

    • Puzzle_Sluts_4Ever@lemmy.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      6
      ·
      edit-2
      1 year ago
      • Who are the admin team of lemmy.world? From a quick glance, at least a few of the staff have photos (whether that is them or not is anyone’s guess).
      • What are their political backgrounds?
      • How likely are they to stand up against an aggressive government who wants information on people who are circumventing an abortion ban?
      • How likely are they to assist said government?

      And, most importantly

      • Even if you have satisfactory answers to all of the above, how much do you trust that the new sysadmins that are being recruited meet the same requirements?

      The fediverse is amazing as a tool to decouple social media and discourse from corporations (even if that can be coopted. Facebook is already trying). It is a HORRIBLE tool from an infosec perspective. Because instance admins can more or less see EVERYTHING you do. And even if you trust your own instance, you have no guarantees that the PMs you are sending a user on a different instance are protected either.

      So, like I said in the other post you ignored after seeing one sentence, if you are doing ANYTHING where the government or even the general public finding out can hurt you: Don’t fucking do it on Lemmy.

      This reminds me way too much of bitcoin back in the day. People figured that because it was not “controlled” by credit card companies and governments that they were fully anonymous. When the reality was that the ledger is public record and you don’t even need a warrant to search through it. And even if you are smart enough to use a tumbler or five: There is a reason that so much funding went in to graph analysis, if you catch my drift.


      And just to make it clear. This is not any shade whatsoever being thrown at the lemmy.world admin team. You folk are doing great, thanks.

      The point is more: I don’t know you. Why would I trust you with my personal and private secrets. Especially if they can have negative repercussions on my life if they get out. And, just the same, I don’t expect you to ask me to hold on to your credit card and social security card while you go get some blow or whatever.