
Why does Yelp completely refuse to provide service to Tor… - dfc
https://plus.google.com/103112149634414554669/posts/CccvGwGdpmS
======
bifrost
The G+ post illustrates that pretty well - Yelp doesn't have fine grain per
user control, they have monolithic per-IP filtering. That shouldn't be
terribly surprising to anyone, because cookies and user profiling are hard.

~~~
dfc
I did not mean to submit this question under the guise of a
complaint/demand/question. Given the recent interest in anonymity it was meant
to be a cautionary tale.

~~~
bifrost
Managing user traffic is actually pretty easy, you just build a state table
and then meter access by request volume. The problem often becomes managing
the state table and not the actual code complexity itself, but most of the
time that can be avoided by not tying the state table into the site's
authentication backend.

I haven't seen any good "off the shelf" systems that do this so maybe there's
a niche to be filled.

------
DanBC
Here's roughly why:

PGP was invented. No-one used it. Cypherpunks warned everyone about intrusive
government spying. Everyone ignored them We had things like ECHELON and key-
escrow and clipper chip and etc etc. No-one cared. Various privacy and
anonymity services and software were invented. No one used them.

The only people using these services were criminals or trolls, with a teeny
tiny fraction of legitimate users.

To keep up with the arms-race these softwares got more complex. Because no-one
uses them there's no-one to program them or to improve the gui, and so they've
gained in complexity while keeping a lousy user experience.

No one wants to accept Tor or similar because it just opens up your service to
a bunch of trolls, and without so many legitimate users there's no point.

tl:dr It's your own fault, sheeple. You walked into this.

~~~
dfc
I think bifrost's answer was better, "because its hard." It was not worth the
effort for people to make tor friendly websites before, I am hoping that now
that the cpunks have been vindicated more developers will take the time to
make sites that are privacy friendly.

~~~
DanBC
I'd be amazed if more than a tiny handful of people close their facebook
accounts or move away from Google or install (and use) PGP / GPG.

FB has had privacy complaints for years and it did nothing at all to prevent
people signing up in droves. The number of people not using FB because of
privacy is tiny.

To imagine that website owners will make privacy friendly sites is, and I say
this as politely as I can, nuts. Look at the god-awful mess they make with
accessible sites (legally required for many sites) or gracefully degrading
sites (best current practice) or mobile sites (a huge user base, where not
serving them affects sales or repeat visits).

Most of these sites need advertising. Thus they usually need your information.

Have any of the sites expressing outrage at spying done anything to reduce the
amount of tracking that they use?

I'll make you a bet: If by 2013-12-25 there are more mainstream sites offering
'privacy portals' or tor-friendly options or the equivalent I'll pay $20[1] to
the EFF.

[1] I'm poor! And a skinflint!

~~~
dfc
Lets make this fun. First we need to do some housekeeping. Define what me
winning will look like. AKA define what "more" means? Can we agree that hidden
services like DDG's hidden service count? I have no problem setting the bar
fairly high for what sites count. As far as I am concerned billybobsblog.com
does not count.

Second, if I "win the bet" this equally poor person will donate an additional
$20 to the eff.

~~~
DanBC
Excellent!

I'm pretty flexible about what counts as winning.

If DDG's recent upswing is maintained I guess that counts as a win. If some
other mainstream sites announce privacy services I guess that counts as a win
too.

