Tensions are rising between Tor Project administrators and CloudFlare, a CDN and DDoS mitigation service that's apparently making the life of Tor users a living hell. The issue, raised by a Tor Project member, revolves around a series of measures that CloudFlare implemented to fight malicious traffic coming from the Tor network. The way CloudFlare deals with Tor users is by flagging Tor exit nodes and showing a CAPTCHA challenge before allowing them to continue to their desired website. Tor Project maintainers are saying that CloudFlare's anti-DDOS technology often malfunctions and forces users to fill in CAPTCHAs multiple times over before reaching their desired website. Besides discriminating Tor users by showing them CAPTCHAs, Tor Project maintainers are also accusing CloudFlare of adding cookies to Tor traffic sessions so they could track users. The practice of discriminating Tor users is not something that's specific to CloudFlare only. The Tor Project is very well aware of this issue, and even maintains a list of services that actively block its users. Outside these, there were also numerous sites that even if they don't block Tor traffic, they make it extremely uncomfortable for Tor users to navigate and use their services. Many sites are using CAPTCHA challenges or are limiting access to some of their services' features (Yahoo and Google, for example).
While multiple studies have shown that the Tor network is often leveraged for cyber-attacks, researchers said that it would not be fair to discriminate against all users because of a few rotten apples.


After being accused of intentionally sabotaging Tor traffic last month, CloudFlare has come forward with an official statement in which it explains why the company does what it does. Regular Tor users are well aware of CloudFlare's practice of showing CAPTCHAs to users who are accessing the websites of their clients using a Tor exit node IP.
According to CloudFlare, this measure was implemented after it constantly saw Tor IPs being abused for suspicious activity. This includes a large amount of comment spam, requests from vulnerability scanners, ad click fraud, content scraping, and login scanning. On the matter of surveillance, also raised by members of the Tor Project, CloudFlare has denied that it tracks Tor users across its infrastructure, saying that they actually do the opposite, opting not to implement a super-cookie like system. Nevertheless, CloudFlare admits that it does track and mark Tor exit node IP addresses and it also assigns them higher threat scores. The decision is controversial and will likely annoy legitimate Tor users, but to be fair, CloudFlare is a security firm, and all its clients hire its services for this purpose.
In fact, CloudFlare reveals that many of its clients would like to downright ban Tor traffic altogether, and it is only because of CloudFlare that this hasn't happened yet.
The company explains that it intentionally left out options in its customer backend panel that would have allowed its clients to blacklist Tor, and only shows the option to whitelist Tor addresses or show a CAPTCHA field. The decision was made because the company fears the scandal that would come with blacklisting Tor traffic altogether.


The company has also recently started working with the Tor Project in order to create some sort of client-side solution in the Tor Browser itself, so CloudFlare and other security firms can distinguish legitimate Tor users from automated requests and ban the latter. Additionally, CloudFlare also wants the Tor Project to start using SHA256 for generating .onion addresses. This issue is also confirmed by your reporter who often times had to fill in CloudFlare CAPTCHAs for more than ten times before finally being redirected to a desired website. Furthermore, Tor Project members found it very difficult to engage with the company and talk with someone about all these issues. A recent study by eight researchers from the UK and the US has come to the same conclusion. In their study, researchers concluded that while not ideal, showing CAPTCHA challenges is a much more appropriate solution to dealing with Tor users than blocking them altogether. Because the Tor Browser includes user anti-fingerprinting protection, and because CloudFlare says that it respects the project's goal of providing anonymity to its users, it has no alternative than to show CAPTCHAs to users coming from a Tor-based IP.



Setting up icloud drive on mac 10.9
Ver online storage wars ursula
Backup iphone senza icloud 3.0


Comments

  1. 10.11.2015 at 19:25:29


    Its own cloud computing canary's extended plans include increased.

    Author: NELLY
  2. 10.11.2015 at 22:15:29


    Backup and it backs up everything that's on your hard that, it now offers more.

    Author: SamiR