[liberationtech] when you are using Tor, Twitter will blocked your acc

[Seth David Schoen]

Griffin Boyce writes:

>   I'd recommend reaching out formally (perhaps to privacy@ ?) and
> proposing a whitelist or other special consideration for Tor users.

It seems obviously crazy to me for Twitter to prevent people from
accessing it over Tor, both in light of widespread censorship of Twitter
on different networks and in light of governments' attempts to find out
where users of services are connecting from.

On the other hand, if a service is viewing anomalous originating IP
address as an indicator of compromise, then using Tor destroys that
information source.  For example, if Twitter whitelists Tor exit nodes
and says that connecting from them is never viewed as suspicious, then
anybody who knows this and compromises a Twitter user's account can
just use the stolen account over Tor and never get detected or blocked.

I guess there are some people who try to compromise Twitter accounts
who wouldn't learn about this policy and take advantage of it, but
that seems like a significant assumption.  So, should Twitter just
stop enforcing the compromise detection entirely when users connect
via anonymity services?  It seems like that would significantly
undermine the compromise detection.

One alternative idea is to have a flag on people's accounts that says
"OK to connect via anonymity services"; then a question is how people
can get that flag (ideally, without getting the account blocked even
once) and how someone who hijacks an account can be prevented from
setting the flag maliciously.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107