Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

An anonymous reader writes: Tensions are rising between Tor Project administrators and CloudFlare, a CDN and DDoS mitigation service that's apparently making the life of Tor users a living hell. Tor administrators are saying that CloudFlare is making Tor users enter CAPTCHAs multiple times, tracking their Web sessions, and sharing data with other companies. Additionally, a study by some UK and US researchers found that are 1.3 million websites blocking access to Tor users, 3.67% being Alexa Top 1000 sites.

Well

Although I am for an anonymous internet, all serious attempts to enter our systems have come from Russian, Chinese, Korean and Tor ips. And an ignorable part of traffic from those IPs is legitimate.

How do you stop Tor from being abusive?

Re:Well

[Aighearach]

What I would do is to increase the presence of US law enforcement on Tor.

Tor was created by the US government, not for privacy but for freedom of political and cultural speech under oppressive regimes. The whole premise of Tor was that a citizen of a repressive regime would be able to access the internet as if they were in a free nation; they would appear on the internet as being from there, and the only people who would have enough network access to identify them would be the people on the western side.

Those people are the "legitimate" traffic. The reason why libraries sign up as Tor nodes is to grant people under repressive regimes to view the world as it is viewed from a western library.

It is hilarious the people who think Tor would be some sort of "privacy" service that would shield their browsing from the US Government. The whole premise was to create a safe space for communication that was locally banned, but legal in the US and like-minded States. In my opinion, if people want to prevent Tor from being banned as a source of abuse, all they have to do is limit its use to the intended use. If they want it to be broadly used for other things, eventually it will be blocked from accessing almost anything, because DoS attacks are a thing.

Cloudflare is annoying

[Aaden42]

The Cloudflare DDoS stuff is really annoying. You have to enable JavaScript (and it takes a few seconds) to load pages that would otherwise display fine w/ NoScript blocking just about everything. I'm at the point where I just close most pages that use it and treat them like clickbait crap on Facebook. Yeah, that headline sounds interesting but not worth the frustration and security risk.

Re:Cloudflare is annoying

The javascript requirement is because that's how they de-anonymize you behind TOR. (One of several ways actually, but a key one). They're depending on people dumb enough to run arbitrary scripts from tracking agencies while somehow fooling themselves into believing they are still anonymous.

Re:Yeah I've noticed that...

And even if it doesn't, it manages to break the 'web in all sorts of interesting ways. Javascript really shouldn't be a basic requirement just to load a page, for one.

Aside: Math fail? 0.0367 * 1.3*10^6 = 47710, those don't all fit in the alexa top 1000, or it secretly isn't a top 1000.

Re:Yeah I've noticed that...

Its not just TOR but also anyone using a VPN.

Sometimes I have to verify 3 times in sucession just to visit a single website only to find that there was not much on that site.

More and more sites are using Cloudflare and it's really annoying me and if they are tracking as well then bang goes you anomity, so your going to have to randomise agent strings with gibberish to try and fool the software from tracking