This!

Whilst I understand that IP-based defence is quick and easy, I agree with nieldk that it is not the best option. The best defence would be behavioral based. It may require more effort to set up but should be easily automated once done, with no (manual) moderating involved.

Absolutely. There is no point in trying to fight it by blacklisting tor, that is my point (well, one of them).
As You have noticed, we have also been spammed from other sources, like China.
There is not point, we cant prevent it from happening, but we can minimize it by making it harder.
The clever spammer, or professional if you want, dont need tor, and probably is not even using it.
Any proxy will do even better.

and...

So yeah, the problem here then is not with blacklisting TOR; it is with blacklisting.

I guess all I've been trying to say here is that there's no good reason to treat TOR any different than any other IP provider. Everyone should be treated equally.

As I understand it, the primary reason for why Tor access has been blocked is to prevent spam. Whilst DDoS attacks are of course possible, I wouldn't have thought that TMO would be a likely target and even if we were targeted, anonymous proxies are only used in one fifth of DDoS attacks so blocking Tor does very little to prevent them.

A simple human verification question that everyone here can answer such as "What is the is the name of Jolla's OS?" or "Which company created Maemo?" would largely solve the spam problem and would help to prevent the spam attacks that still occur despite the current blacklist solution.

I do however think that HTTPS access to TMO should be set up first having read this earlier today.

What if a spammer creates a bunch of sleeper accounts?
It would bypass most of your suggested checks.

Also what if you remove legit accounts?
It would be the exact same issue as blocking legit Tor users.

Depending on how possible it would be, one option would be just to allow guest access to tor users. This would allow tor users to keep their privacy and read the forums and stop spammers from being able to use Tor.

afaik the last attack was not only spam but more like a password-steal-attack. And all of above solutions/proposals would not have helped here.
But only blacklisting those adresses where the attack came from.
And yes it is inconvenient. But (just as an analogon): would you like to enter a plane where there is no security check at all? [me for sure not]
Not that I would like Datenvorratsspeicherung nor any other in-advance-protection-by-prediction. But tthere is a price to pay for security.

--
and always remember (at least my knowledge): the more often you use tor the more likely it is you hit an 'official' exit node (run by authorities) and getting noticed...

I will repeat, I understand all the reasons behind the decision. But I still dont think it really helps using blacklisting.
As for "But tthere is a price to pay for security.". Why are we not using HTTPS all over TMO then ?

TOR has been under a sustained propaganda attack in the British media. It has been referred to as "dark net", blamed for harbouring paedophiles etc. This image is hardly going to change if even the people who should know better sign up to the same bull****.

My point of view is: if you are using a proxy, or a Tor exit node, be prepared to it being blocked for a duration of a spam attack ongoing through same proxy (or Tor exit node). To make matters easier for Tor users, the blocking could be of read-only kind: you can read forum, but you cannot log in aka send posts or private messages through it.

Since Tor's purpose is anonymity, logging into an account while using Tor doesn't make much sense, anyway. Right?

And if anonymous users were allowed to post without logging in... How would forum be protected from spambots? Registration of an account includes many "are you human?" checks, and spammers still like to bypass them (even if they have to use actual human-time to do it). Would you still enjoy anonymous Tor access if you had to jump through half a dozen different captchas for every post?

I would run a Tor exit node. But I would have to get a 24/7 server dedicated to it, first. And research the local implications of running it (high traffic? restrictive laws? whatever).

Tor isn't blocked here "just because it's Tor". Tor is blocked for duration of spam attack using this particular Tor exit node. It doesn't make sense to whitelist Tor exit node just because many other-non-spammer people are using it, unless you find a good way to protect forum against spam-attack (which doesn't involve too-many-human-hours of work from moderators). It could make sense to implement particularly nasty captchas-before-making-a-post against this particular IP for the duration of attack from it, if it's possible.

Just my personal opinion. And yes, I would support addition of https access to TMO.

Thank you. Best wishes.

I'm wading into the morass here too...
looks like fun
I concur with Wiki
In fact I go further.
I do believe in the individuals right to protect themselves.
That is something I think everyone here can agree on.
But an individual thinking they can comment anonymously.. express their views...and expect to "stay" anonymous ...and that the result of the state of technological security today is somehow the fault or responsibility of either "Powers" or "Authorities" or "Governments" or "whatever bad people/ groups" or "Maemo" or "TMO" ....and wish or demand some sort of compromise or allowance or whathaveyou...alllll because ...?
Because people wish to post from a position of anonymity in a public forum?
How does any open and accepting community embrace anonymity?
Not well ...when it boils down to it.
I think either an individual should be open and honest and simply accept the consequences for their words and actions uttered and done in the full view of the public...*
or ...don't bother saying a thing.


And please please please no one rear the specter of being "monitored" and "recorded "by your connection without safeties like tor...yet again.
Because the moment you get off your smart device or computer thinking you are so anonymous and walk outside your home...
there are countless cameras with footage of you walking down the street...there are drones everywhere now ..there are dashcams , atm's, store cameras, parking lot security cameras, cameras at street intersections, satellites in the heavens, and more..and don't forget there is everyone else walking beside you with their bloody iphone ...just hoping you'll snap from societal stresses.. so that they get to film you as the cops are hauling you away for attempting to go on a killing spree with a blunt tongue depressor and put the vid up on youtube before you are even "booked" at the station...as their "claim-to-fame" and subsequent hope to do the talk show circuit....

And if that isn't enough...All the people who have been "smart" to start using tor within the last few weeks, months, year, years, half decade...more...you don't think that the powerful governments of this planet do not have files on you and everyone else "predating" your and everyone else' new interest in security?
really?

Sooo...either man-up and speak your mind responsibly and join in community dialogue..like other people do.
or
do not engage in public discourse and remain anonymous as you wish or you truly, justifiably, and understandably need to be.
But I do believe the ability to have one's cake and eat it too is rapidly ending.



*which people are being put to task with now...
and in fact ...
now sites are going to be held responsible for the utterances of their members and their behaviour...directly.
Hell of a legal precedent was set..
I posted about the landmark decision here in the forum..

This means ...the boys at the helm of the good ship tmo have to steer this ship well or the site is held accountable...
and that means essentially no crap people...no hate mongering...or racism ...or ..well alotta the bad stuff people should know better than to speak anyway..... .
Anyway..in light of the fact sites are now legally accountable for the people in them...members, posts in their forums...etc.

I see the issue of needing a firm hand concerning tor...
in tandem with the issues of stringent moderation.
Both directly pertain to our sites safety, accountability and longevity.

I don't see it as a "desire" or a "wish" or whatever could be taken out of context from my words... that is truly not relevant .
It is what the civilization around us and their courts of law are beginning to demanding of us now.
That is what is truly relevant.