Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic (softpedia.com)

Posted by timothy on from the men-in-the-middle dept.

An anonymous reader writes: Tensions are rising between Tor Project administrators and CloudFlare, a CDN and DDoS mitigation service that's apparently making the life of Tor users a living hell. Tor administrators are saying that CloudFlare is making Tor users enter CAPTCHAs multiple times, tracking their Web sessions, and sharing data with other companies. Additionally, a study by some UK and US researchers found that are 1.3 million websites blocking access to Tor users, 3.67% being Alexa Top 1000 sites.

7 of 116 comments (clear)

  1. Well by Anonymous Coward · · Score: 5, Interesting

    Although I am for an anonymous internet, all serious attempts to enter our systems have come from Russian, Chinese, Korean and Tor ips. And an ignorable part of traffic from those IPs is legitimate.

    How do you stop Tor from being abusive?

    1. Re:Well by Aighearach · · Score: 4, Interesting

      What I would do is to increase the presence of US law enforcement on Tor.

      Tor was created by the US government, not for privacy but for freedom of political and cultural speech under oppressive regimes. The whole premise of Tor was that a citizen of a repressive regime would be able to access the internet as if they were in a free nation; they would appear on the internet as being from there, and the only people who would have enough network access to identify them would be the people on the western side.

      Those people are the "legitimate" traffic. The reason why libraries sign up as Tor nodes is to grant people under repressive regimes to view the world as it is viewed from a western library.

      It is hilarious the people who think Tor would be some sort of "privacy" service that would shield their browsing from the US Government. The whole premise was to create a safe space for communication that was locally banned, but legal in the US and like-minded States. In my opinion, if people want to prevent Tor from being banned as a source of abuse, all they have to do is limit its use to the intended use. If they want it to be broadly used for other things, eventually it will be blocked from accessing almost anything, because DoS attacks are a thing.

  2. Cloudflare is annoying by Aaden42 · · Score: 5, Interesting

    The Cloudflare DDoS stuff is really annoying. You have to enable JavaScript (and it takes a few seconds) to load pages that would otherwise display fine w/ NoScript blocking just about everything. I'm at the point where I just close most pages that use it and treat them like clickbait crap on Facebook. Yeah, that headline sounds interesting but not worth the frustration and security risk.

  3. A living hell by xxxJonBoyxxx · · Score: 4, Insightful

    >> making the life of Tor users a living hell: enter CAPTCHAs multiple times, tracking their Web sessions, and sharing data with other companies

    Are you sure they're not just anonymous SlashDot users?

    In any case, you have an odd definition of a "living hell" even from a first-world perspective.

  4. Re:Yeah I've noticed that... by Anonymous Coward · · Score: 5, Interesting

    And even if it doesn't, it manages to break the 'web in all sorts of interesting ways. Javascript really shouldn't be a basic requirement just to load a page, for one.

    Aside: Math fail? 0.0367 * 1.3*10^6 = 47710, those don't all fit in the alexa top 1000, or it secretly isn't a top 1000.

  5. Perens.com and is on Cloudflare by Bruce+Perens · · Score: 4, Insightful

    I've been using Cloudflare for a few years, and they've helped me handle traffic and abuse from my one-server site and have never been a problem or expensive. Nor have they been malicious. I also have some Open Source projects like FreeDV.org going through Cloudflare.

    One of the things they do is protect me from web attacks. It's an unfortunate fact that Tor really is used for web attacks.

    Obviously, if there is a problem with their capcha, they need to fix it. I think it's perfectly fair for someone who is approaching the site through a known attack vector to have to pass a capcha once.

    Regarding cookies, you're always going to get one on my site, whether you are using Tor or not, to support logins. HTTP isn't session-based and you need cookies to simulate sessions, so that you can have logins and dispense privileges where appropriate. One would expect that Tor users understand how to deal with cookies, and with less civil attempts to nail down their identity.

    --
    Bruce Perens.
  6. Re:Yeah I've noticed that... by moehoward · · Score: 5, Funny

    .. What 0.7 of a web site?

    Yahoo. That's what.

    --
    "If you want to improve, be content to be thought foolish and stupid." - Epictetus