CloudFlare Wants Tor To Change Or Risk CAPTCHA Blockades

An anonymous reader writes: CloudFlare's co-founder Matthew Prince has publicly appealed to work with the Tor Project on implementing a solution that will stop the high incidence of Tor users being challenged by CAPTCHAs whilst browsing. Prince proposes the implementation of a Tor plugin that would communicate with CloudFlare servers to provide temporary, anonymous identification to bypass the CAPTCHAs, and has presented the code on GitHub. Other possibilities mooted include the adoption of higher-level encryption, which would be likely to adversely influence a network which already has native (and inevitable) latency issues. CloudFlare's public post on the matter comes after five turbulent weeks of comments-section debate between CloudFlare and Tor, and seems to be an appeal for public arbitration on the matter.Prince further noted that 94% of the traffic CloudFlair sees is "per se malicious." From his blog post: That doesn't mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.

Re:Just block them

[BronsCon]

In all seriousness: Cloudflare needs to go fuck themselves. What, are they in the pocket of the FBI/NSA/CIA/NID/{insert government agency here}, now? Wouldn't at all be surprised.

You do realize that CloudFlare is simply looking for a solution to the problem Tor users are complaining about, right? CloudFlare provides a CDN caching service and HTTP firewall; it is that second item that is causing problems for Tor users, as any nefarious activity from an exit node gets all users of that node flagged as potentially malicious. CloudFlare has three options, then: do nothing (e.g. tell Tor users to go fuck themselves), stop offering the service their customers use and pay them for (e.g. tell their customers to go fuck themselves), or help Tor find a solution to their users' problem.

This story is about them attempting to do the latter, which leaves you, and others like you, to practice a bit of self-love.

Re:Doing it backwards

[GuB-42]

The problem is that script kiddies love to launch attacks from Tor. And even though it is rarely effective and more damaging for the network than for the victim, proxies like cloudflare still need protection against them.