zlacker

[return to "Mitigating a DDoS on Mastodon"]
1. pjc50+RJ 2019-12-06 15:34:01
>>dredmo+(OP)
Decentralisation fans take note: despite wanting to remain independent, the only effective solution was in this case to re-insert a giant global intermediary (Cloudflare) and block all the anonymous unaccountable Tor users.

If a decentralised system is to stay decentralised, it needs to consider spammy bad actors.

2. lifty+ZO 2019-12-06 16:02:11
>>pjc50+RJ
That's true, Cloudflare has mastered the art of DDoS mitigation and they have developed some amazing tools [1] to achieve that, and fortunately they are sharing some of this knowledge. With the advent of eBPF, I reckon that this kind of tooling will become more accessible and easy to deploy for people that do self-hosting. I also hope that DDoS mitigations based on web of trust or other types of cryptographic identity [2] will come about in the future, although I wouldn't hold my breath for that.

[1] https://blog.cloudflare.com/l4drop-xdp-ebpf-based-ddos-mitig...
[2] https://identity.foundation

3. pjc50+HW 2019-12-06 16:41:11
>>lifty+ZO
Their main form of mitigation is sheer size. On a smaller ISP you can just get your entire uplink saturated by the attack. Even if you correctly drop 100% of the attack packets that reach you, your system is still unusable.