Hello everyone, [snip] There must be a way that we can allow users to work from Tor. [snip more]
I think the first step is to work harder to block devices, not IP addresses. [snip]
Focusing on what signature we can obtain from (or plant on) the device and how to make that signature available to and manageable by admins is the key.
These things are also likely to be considered "security vulnrabilities", so probably not something to be relied on over long term as people fix the issues that allow people to be tracked this way.
The folks over at the Tor project actually pride themselves on making a browser that is hard to fingerprint. If we came up with any way to fingerprint individual browser sessions, they'd likely fix it pretty quickly.
Once we have a system that allows us to block individual devices reasonably effectively, it won't matter whether those people are using Tor to get to us or not
If you can find a way to link a tor user to the device they are using, then you have essentially broken Tor. Which is not an easy feat.
And of course, this is where the difficulty comes in. All of our current blocking measures are based around using information that is specifically hidden by Tor. The idea is to find a way to block individuals on Tor without having any information about those individuals that might be useful to someone trying to kill them (or at least identify their real world identity).
Thank you, Derric Atzrott