有时候,恶意人士利用 Tor 浏览器 在 IRC频道中捣乱。
This abuse results in IP-specific temporary bans ("klines" in IRC lingo), as the network operators try to keep the troll off of their network.
这个响应强调了 IRC 安全模型的根本缺陷:
他们假设 IP 地址对应一个特定的人,所以通过禁止 IP 地址他们就可以禁止这个人。
In reality, this is not the case — many such trolls routinely make use of the literally millions of open proxies and compromised computers around the Internet.
The IRC networks are fighting a losing battle of trying to block all these nodes, and an entire cottage industry of blocklists and counter-trolls has sprung up based on this flawed security model (not unlike the antivirus industry).
Tor 浏览器的网络只是冰山一角而已。
另一方面,对于 IRC 服务器的管理员来说,安全性并不是全有或全无的事情。
By responding quickly to trolls or any other social attack, it may be possible to make the attack scenario less attractive to the attacker.
在特定的 IRC 网络、特定的时间上,大多数的 IP 地址确实代表了个人。
也有例外,比如 NAT 网关可以作为特殊情况分配访问权限。
While it's a losing battle to try to stop the use of open proxies, it's not generally a losing battle to keep klining a single ill-behaved IRC user until that user gets bored and goes away.
但是真正的解决方案是实施应用级别的认证系统,使正常的使用者能顾进入服务,并阻止恶意扰乱者进入服务。
这需要某些人为属性(例如只有他们知道的密码),而不是他们的数据包传输方式的某些属性。
当然,并不是所有的 IRC 网络都禁止 Tor 浏览器的节点。
After all, quite a few people use Tor to IRC in privacy in order to carry on legitimate communications without tying them to their real-world identity.
Each IRC network needs to decide for itself if blocking a few more of the millions of IPs that bad people can use is worth losing the contributions from the well-behaved Tor users.
如果你被屏蔽了,你可以联系网络管理员解释这个问题。
他们可能根本就不知道 Tor 浏览器,或者他们可能没有意识到他们访问的主机名就是 Tor 浏览器的出口节点。
If you explain the problem, and they conclude that Tor ought to be blocked, you may want to consider moving to a network that is more open to free speech.
Maybe inviting them to #tor on irc.oftc.net will help show them that we are not all evil people.
最后,如果你发现 IRC 网络屏蔽了 Tor 浏览器,或者单个的 Tor 浏览器退出节点,请把这些信息补充到Tor 浏览器 IRC 屏蔽跟踪器,让大家可以分享交流。
至少有一个 IRC 网络会查询该页面,以 解除不经意间被屏蔽的退出节点。