Re: [Tails-project] I must apologize to you.

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: darknessonion
CC: Micah Anderson, tails-project
Sujet: Re: [Tails-project] I must apologize to you.
Hi,

(Micah: for full context see
https://mailman.boum.org/pipermail/tails-project/2018-January/001035.html)

darknessonion@???:
> I DDoS attacked tails website and tails website was down.


Well, not only our website, but the entire collocation where the
server that hosts it is located. As you've noticed, this includes for
example most Riseup services, a good number of other cool projects,
and the many users who rely on these services.

Thankfully our friends at Riseup quickly identified the problem (and,
I believe, mitigated somehow, even though if I don't understand yet
how that's possible).

Disclaimer: I'm not an expert in this field, far from it, so my
analysis and the conclusions I draw from it below may be flawed.
I'd be happy to stand corrected if needed. I'm also talking for myself
here, not for the Tails project.

> Tails website is vulnerable to DDoS attacks. Why do not you do
> DDoS protection?


My understanding is that the only reliable way to resist NTP
amplification attacks is to have huge network capacity. That is,
basically: use Cloudflare or similar, which has very problematic
consequences regarding the privacy of our users and Internet
power dynamics.

> What do you think about this?


I think that the whole "I have a bigger pipe than you" DDoS game
reinforces existing imbalanced power relationships and I have
a serious ethical problem with that. As you've successfully shown,
this kind of attacks puts at risk the smaller and non-profit
providers; as a consequence it leaves us the choice between:

a) shut up, forget the idea of having a presence online, and disappear
from the Internet
b) accept the risk to be shut down from time to time by a DDoS attack
c) hire services from big players such as Cloudflare

I really don't like seeing my choices restricted to those.
But if I have to choose, personally I'll pick (b).

Cheers,
--
intrigeri