- Stopping ban evasion
- Mar 28 18:22:27 <Jeeperscreepers88> Maybe when IPv6 takes over, we'll see new ban methods
- Mar 28 18:23:01 <Antarcticanon> The future of banning, is now!
- Mar 28 18:23:44 <ALTERNATIVE> I just want to be clear that something like writing a java applet to grab the mac will never ever happen
- Mar 28 18:23:52 <ALTERNATIVE> as it is a huge privacy breach
- Mar 28 18:23:59 <Troid> you won't see new ban methods with ipv6 but it should be easier to ban people due to a lack of (actual) dynamic IPs
- Mar 28 18:24:36 <Troid> the way the spec is set up people are assigned a block of addresses so they can "switch IPs" but only to one within a subnet they've been assigned
- Mar 28 18:24:41 <Troid> to ban them, you just ban their entire subnet
- Mar 28 18:24:54 <Troid> unlike a dynamic ipv4 address, no one else is going to be assigned an IP from that subnet.
- Mar 28 18:24:57 <ALTERNATIVE> but troid
- Mar 28 18:25:06 <ALTERNATIVE> what if ISPs decide to say fuck that and then do the exact opposite
- Mar 28 18:25:08 <yetsturdy> ALTERNATIVE: that's not true
- Mar 28 18:25:11 <ALTERNATIVE> and just assign IPs willy nilly
- Mar 28 18:25:14 <Troid> then we will be fucked as usual
- Mar 28 18:25:20 <ALTERNATIVE> which part isnt true yetsturdy
- Mar 28 18:25:25 <yetsturdy> [20:22:16] <ALTERNATIVE> basically the only information being given to the server when you connect to any website is your IP address
- Mar 28 18:25:28 <ALTERNATIVE> https://twitter.com/kcgreenn/status/449703323617480704 tweet of the year
- Mar 28 18:25:39 <yetsturdy> when you use a browser to connect to a website, a bunch of HTTP headers are sent.
- Mar 28 18:25:42 <ALTERNATIVE> well theres other shit
- Mar 28 18:25:47 <ALTERNATIVE> I was being overly simplistic
- Mar 28 18:25:48 <ALTERNATIVE> user agents
- Mar 28 18:25:50 <yetsturdy> that stuff can be used to identify individual users.
- Mar 28 18:25:51 <yetsturdy> yeah
- Mar 28 18:25:53 <ALTERNATIVE> referrers
- Mar 28 18:26:10 <ALTERNATIVE> language OS type
- Mar 28 18:26:11 <yetsturdy> it's much closer to uniquely-identifying than people realize.
- Mar 28 18:26:19 <ALTERNATIVE> its not specific enough to help, though
- Mar 28 18:26:24 <yetsturdy> yes, it is
- Mar 28 18:26:26 <ALTERNATIVE> :O
- Mar 28 18:26:48 <ALTERNATIVE> 10 years and there was a better way all along who knew
- Mar 28 18:27:15 <yetsturdy> the headers alone aren't enough, obviously, but they're still evidence. And sometimes, user-agent WILL be unique (or close enough to it for practical purposes.)
- Mar 28 18:27:44 <ALTERNATIVE> I don't think it's exact enough to hit an individual with no chance of hitting anyone else
- Mar 28 18:27:56 <yetsturdy> neither is IP address.
- Mar 28 18:28:08 <ALTERNATIVE> I don't know how many people in my subnet use windows 8.1 and chrome
- Mar 28 18:28:18 <yetsturdy> https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent
- Mar 28 18:28:23 * ThinMint (~ThinMint@Staggeringly.Irrelevant) has joined
- Mar 28 18:28:23 * ChanServ gives voice to ThinMint
- Mar 28 18:28:41 <ALTERNATIVE> if this is so much better than the current system then why hasn't mvb implemented something like it
- Mar 28 18:28:50 <yetsturdy> This article says that user agent alone gives an average of 10 bits of entropy.
- Mar 28 18:29:02 <yetsturdy> That + subnet -> very minuscule chance of false positives.
- Mar 28 18:29:15 <VCR_Working> i have no idea what the two of you are talking about
- Mar 28 18:29:18 <ALTERNATIVE> I remember this article being linked in channel
- Mar 28 18:29:36 <yetsturdy> Methods of user-banning beyond IP are very rare. Most people don't consider them because most people aren't familiar with bayesian methods.
- Mar 28 18:30:06 <yetsturdy> Well, I say "very rare", but that's only true of sites like 4chan. This stuff is the norm in the advertising world.
- Mar 28 18:30:43 * bigN has quit (Ping timeout: 240 seconds)
- Mar 28 18:31:24 <WhatWinterLeft> That's because most people don't have to deal with problems like users rampantly evading bans
- Mar 28 18:31:40 <WhatWinterLeft> I mean hell SA gets around this with a paywall
- Mar 28 18:32:04 <ThinMint> link to article?
- Mar 28 18:32:13 <WhatWinterLeft> https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent
- Mar 28 18:32:14 <yetsturdy> Actually, the problems that advertisers face are on the same scale, I would wager. They often have tracking data that's inconsistent or missing fields altogether. That doesn't mean much to modern statistics, though.
- Mar 28 18:32:19 <Inf> SA is no longer worth ban evading to browse
- Mar 28 18:32:28 <WhatWinterLeft> Theres that too, yeah.
- Mar 28 18:34:22 <yetsturdy> also, ALTERNATIVE, consider this: maybe a modern banning system would rely on sources of identifying information just to increase a spammer's ratelimiting, or maybe it could be used to train a machine learning algorithm to flag users as potential ban evaders automatically.
- Mar 28 18:35:02 <Inf> hello NWO
- Mar 28 18:35:10 <ALTERNATIVE> I don't know, I'd like to know what MVB would say regarding it
- Mar 28 18:35:11 <ThinMint> oh is this browser footprint stuff, a la that panoptican site?
- Mar 28 18:35:12 <yetsturdy> "partial ban" = increased wait time between posts, going towards infinity wait time as bannedness goes to 100%.
- Mar 28 18:35:31 <ALTERNATIVE> I was only using my statement to illustrate my point that you couldn't see the MAC address
- Mar 28 18:35:59 <ALTERNATIVE> I didn't consider the other identifying information
- Mar 28 18:36:00 <Inf> and its not like its impossible to spoof a MAC either
- Mar 28 18:36:12 <Inf> and an evader will definitely know or learn how
- Mar 28 18:36:25 <ALTERNATIVE> a quick google result will accomplish that
- Mar 28 18:36:40 <ThinMint> the issue I see with panopticlick tech is that the identifying information it uses shouldn't be too hard to change
a guest
May 6th, 2015
