Defend the public space

[mcfnord]

I believe our community is Jamulus’s most compelling feature. Ease-of-use is very compelling, reliability is very compelling, but ease of collaboration with strangers, especially over a long time frame (both in hours and years), is the strongest, most compelling feature and differentiator for us.

The geographically diverse, long-running servers provided by our volunteers are a key ingredient of that feature.

Over about a year, I have observed the development of code that can:

1. Send a chat to every public server.
2. Fill up every public server with connections.
3. Insert audio on every public server (same as any connection).
4. Draw from a vast supply of IP addresses.

If used maliciously, this code represents an existential threat to our public community.

Thankfully, we can eliminate most of this threat.

Most malicious code reaches our servers from "anonymizing" networks like Tor or VPNs. These networks provide many unique IP address subnets, and are often used for abuse and evasion, but they all come with high latency, so they’re never used by genuine musicians for music-making.

By excluding ASNs known to support anonymized traffic, we can dramatically reduce the risks posed by malicious connections.

[ann0see]

I fear that we could block valid users too.
Best we could fix something in the Jamulus code.