this post was submitted on 27 Sep 2024

108 points (99.1% liked)

Privacy

31377 readers

278 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

108

Introducing Proof-of-Work Defense for Onion Services | The Tor Project (blog.torproject.org)

submitted 1 day ago by possiblylinux127@lemmy.zip to c/privacy@lemmy.ml

22 comments fedilink hide all child comments

top 22 comments

sorted by: hot top controversial new old

[–] admin@lemmy.nowhere.moe 10 points 1 day ago* (last edited 1 day ago)

no offense, but that's old news as of august of last year. But yea this has been a big game changer for hidden services that were under constant DDoS, such as the Dread forum.

[–] shortwavesurfer@lemmy.zip 10 points 1 day ago (1 children)

Having the proof of work defense has been a game changer for the network. I've noticed a hell of a lot less unresponsive onion services. However, this is old news as it was released last August. Most everybody should have a version capable of doing the proof of work by now.

[–] possiblylinux127@lemmy.zip 3 points 1 day ago

That's why I posted it. It has been rolled

[–] delirious_owl@discuss.online 9 points 1 day ago* (last edited 1 day ago) (1 children)

I wish more companies understood that Onion Services have excellent protection from DoS attacks.

You don't even have to give away your keys to CloudFlare. Just get trigger happy with IP blocking and tell users to use the Onion address to bypass any blocks.

[–] possiblylinux127@lemmy.zip 0 points 1 day ago (1 children)

Honestly that's not a terrible idea (assuming the target audience knows about Tor)

[–] delirious_owl@discuss.online 0 points 1 day ago

Most of the people who get blocked are going to be tech savvy. Except maybe someone computer illiterate at a Uni

[–] delirious_owl@discuss.online 3 points 1 day ago

RIP EndGame

[–] delirious_owl@discuss.online 3 points 1 day ago

This is a year old. But please do notify me when its available in the default Debian repos.

[–] foremanguy92_@lemmy.ml 1 points 1 day ago

Could be good, but be aware that it doesn't bother the real users. Continue working! 😃

[–] PropaGandalf@lemmy.world -3 points 1 day ago (5 children)

PoW? Really?

[–] magic_lobster_party@fedia.io 19 points 1 day ago (1 children)

It’s not like it’s going to consume electricity like Bitcoin.

PoW was first conceptualized as an anti spam method. It’s just a little overhead to make it expensive to make DOS attacks. This makes perfect sense.

[–] Mubelotix@jlai.lu 1 points 1 day ago

It will, but that's the point. Costing money

[–] delirious_owl@discuss.online 16 points 1 day ago (1 children)

What do you think PoW was created for. This is exactly the use case of PoW -- to reduce malicious traffic. It works great!

[–] Mubelotix@jlai.lu 1 points 1 day ago* (last edited 1 day ago) (1 children)

Though if an attacker has an ASIC he can single-handedly dominate the whole pool of other users as ASICs are tremendously more efficient than CPUs

[–] delirious_owl@discuss.online 3 points 21 hours ago (1 children)

Depends on the hashing algorithm. Tor implements two, and neither are vulnerable to custom architectures like ASICs

[–] Mubelotix@jlai.lu 1 points 16 hours ago

Good

[–] BroBot9000@lemmy.world 9 points 1 day ago

Still a better use of the electricity than Ai.

[–] ziviz@lemmy.sdf.org 6 points 1 day ago (1 children)

At least it appears to be something that gets triggered. In theory, if a node is not under attack or heavy usage, this isn't a consideration. Doesn't seem to be a perfect solution as it still slows the traffic of legitimate users in the event of an attack.

[–] shortwavesurfer@lemmy.zip 2 points 1 day ago

Only for those users who do not have proof of work capability, they get put at the back of the line, but anybody with proof of work capability, which was released last August, will do the work and be put higher priority. I know some people who run seed nodes for Haveno-reto and they had major DDOS issues until they got PoW enabled. It was taking like 5 or 10 minutes to get connected to the network. And now it takes about 30 seconds.

[–] possiblylinux127@lemmy.zip 4 points 1 day ago (1 children)

What else would they do?

[–] sunzu2@thebrainbin.org 9 points 1 day ago (1 children)

I bet that commenter got triggered because cyrpto bad!!! There

Anyway, ain't pow like the only practical solution to fight bots?

Share Some conputer to enter... Seems fair if you are good faith single actor but very expensive if you are running a botnet campaign

[–] BakedCatboy@lemmy.ml 4 points 1 day ago

Either that or charging a micro transaction for loading the page. But yeah the goal is to make it cost a small amount that is insignificant to a regular user but adds up to a huge amount at the scale of a spam farm. And it's also the same rationale behind hashing passwords with multiple rounds. It adds a tiny lag when you log in correctly but adds an insane amount of work if you're checking every phrase in a password cracking dictionary using an offline attack because it adds up. (In the online scenario you just block them after a few attempts)