Hello everyone,
[snip]
There must be a way that we can allow users to work from Tor.
[snip more]
I think the first step is to work harder to block devices, not IP
addresses. [snip]
Focusing on what signature we can obtain from (or plant on) the device
and how to make that signature available to and manageable by admins is
the key.
These things are also
likely to be considered "security vulnrabilities", so probably not
something to be relied on over long term as people fix the issues that
allow people to be tracked this way.
The folks over at the Tor project actually pride themselves on making
a browser that is hard to fingerprint. If we came up with any way
to fingerprint individual browser sessions, they'd likely fix it pretty
quickly.
Once we have a
system that allows us to block individual devices
reasonably effectively, it won't matter whether those people are using
Tor to get to us or not
If you can find a way to link a tor user to the device they are using,
then you have essentially broken Tor. Which is not an easy feat.
And of course, this is where the difficulty comes in. All of our current
blocking measures are based around using information that is specifically
hidden by Tor. The idea is to find a way to block individuals on Tor
without having any information about those individuals that might be
useful to someone trying to kill them (or at least identify their
real world identity).
Thank you,
Derric Atzrott