undefined | Better HN

0 pointsjuskrey6y ago0 comments

This is why you shouldn't use CloudFlare, whose good intentions lead to not so good places

0 comments

judge20206y ago

When 80% of traffic from an IP is malicious and the other 20% is regular traffic, but both sources look like the same traffic (impersonating browser headers, sometimes running headless chromium), what else can you do? Cookies and stateful cookie-like objects, such as privacy pass.

Can anyone report how well privacy pass works nowadays?

kodablah6y ago

> When 80% of traffic from an IP is malicious and the other 20% is regular traffic, but both sources look like the same traffic (impersonating browser headers, sometimes running headless chromium), what else can you do?

Accept the traffic, taking the bad with the good. We all know the ills of visitor profiling regardless of effectiveness.

ohithereyou6y ago

That's an easy position to take when you personally do not bear the expense of the extra bandwidth, increased hardware needed to ensure acceptable response times, and cleanup/reputation damage when you are compromised.

All of these things have a cost, and they should be balanced against the benefit seen by allowing open access.

Operyl6y ago

The times I've had to use Tor, privacypass has been usable.

ryanlol6y ago

So uh, why does “malicious” traffic need to be blocked?

ohithereyou6y ago

Because nobody is entitled to receive response packets from my computer.

1 more reply

j / k navigate · click thread line to collapse