Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic (softpedia.com)

Posted by timothy on from the men-in-the-middle dept.

An anonymous reader writes: Tensions are rising between Tor Project administrators and CloudFlare, a CDN and DDoS mitigation service that's apparently making the life of Tor users a living hell. Tor administrators are saying that CloudFlare is making Tor users enter CAPTCHAs multiple times, tracking their Web sessions, and sharing data with other companies. Additionally, a study by some UK and US researchers found that are 1.3 million websites blocking access to Tor users, 3.67% being Alexa Top 1000 sites.

8 of 116 comments (clear)

  1. Well by Anonymous Coward · · Score: 5, Interesting

    Although I am for an anonymous internet, all serious attempts to enter our systems have come from Russian, Chinese, Korean and Tor ips. And an ignorable part of traffic from those IPs is legitimate.

    How do you stop Tor from being abusive?

    1. Re:Well by Aighearach · · Score: 4, Interesting

      What I would do is to increase the presence of US law enforcement on Tor.

      Tor was created by the US government, not for privacy but for freedom of political and cultural speech under oppressive regimes. The whole premise of Tor was that a citizen of a repressive regime would be able to access the internet as if they were in a free nation; they would appear on the internet as being from there, and the only people who would have enough network access to identify them would be the people on the western side.

      Those people are the "legitimate" traffic. The reason why libraries sign up as Tor nodes is to grant people under repressive regimes to view the world as it is viewed from a western library.

      It is hilarious the people who think Tor would be some sort of "privacy" service that would shield their browsing from the US Government. The whole premise was to create a safe space for communication that was locally banned, but legal in the US and like-minded States. In my opinion, if people want to prevent Tor from being banned as a source of abuse, all they have to do is limit its use to the intended use. If they want it to be broadly used for other things, eventually it will be blocked from accessing almost anything, because DoS attacks are a thing.

  2. Cloudflare is annoying by Aaden42 · · Score: 5, Interesting

    The Cloudflare DDoS stuff is really annoying. You have to enable JavaScript (and it takes a few seconds) to load pages that would otherwise display fine w/ NoScript blocking just about everything. I'm at the point where I just close most pages that use it and treat them like clickbait crap on Facebook. Yeah, that headline sounds interesting but not worth the frustration and security risk.

    1. Re:Cloudflare is annoying by Anonymous Coward · · Score: 2, Interesting

      The javascript requirement is because that's how they de-anonymize you behind TOR. (One of several ways actually, but a key one). They're depending on people dumb enough to run arbitrary scripts from tracking agencies while somehow fooling themselves into believing they are still anonymous.

  3. Re:Yeah I've noticed that... by Anonymous Coward · · Score: 5, Interesting

    And even if it doesn't, it manages to break the 'web in all sorts of interesting ways. Javascript really shouldn't be a basic requirement just to load a page, for one.

    Aside: Math fail? 0.0367 * 1.3*10^6 = 47710, those don't all fit in the alexa top 1000, or it secretly isn't a top 1000.

  4. Re:Perens.com and is on Cloudflare by Anonymous Coward · · Score: 1, Interesting

    > Regarding cookies, you're always going to get one on my site, whether you are using Tor or not, to support logins. HTTP isn't session-based and you need cookies to simulate sessions [...]

    This is simply not true.

  5. Re:It's easy to see why by Aighearach · · Score: 1, Interesting

    One thing I've considered is maybe there should be an exit node that only accepts connections from countries that have repressive regimes, and few or no remotely-purchasable VPS hosting services. Or at least no VPS services with English or Russian sales pages. ;)

    Then you might have a safe exit node without all the American trolls and Russian criminals.

    Pre-emptive strike: No, I did not overlook that various technical changes would be required, I simply didn't go into it.

  6. Re:Yeah I've noticed that... by Anonymous Coward · · Score: 3, Interesting

    Its not just TOR but also anyone using a VPN.

    Sometimes I have to verify 3 times in sucession just to visit a single website only to find that there was not much on that site.

    More and more sites are using Cloudflare and it's really annoying me and if they are tracking as well then bang goes you anomity, so your going to have to randomise agent strings with gibberish to try and fool the software from tracking