Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Tor Traffic
CloudFlare is only the tip of the iceberg, many companies do the same, including Yahoo, Google, Akamai
· By Catalin Cimpanu
Tensions are rising between Tor Project administrators and CloudFlare, a CDN and DDoS mitigation service that’s apparently making the life of Tor users a living hell.
The issue, raised by a Tor Project member, revolves around a series of measures that CloudFlare implemented to fight malicious traffic coming from the Tor network. These measures are also affecting legitimate Tor users.
The way CloudFlare deals with Tor users is by flagging Tor exit nodes and showing a CAPTCHA challenge before allowing them to continue to their desired website.
CloudFlare’s CAPTCHA challenge for Tor users is not working properly
Tor Project maintainers are saying that CloudFlare’s anti-DDOS technology often malfunctions and forces users to fill in CAPTCHAs multiple times over before reaching their desired website. This issue is also confirmed by your reporter who often times had to fill in CloudFlare CAPTCHAs for more than ten times before finally being redirected to a desired website.
Besides discriminating Tor users by showing them CAPTCHAs, Tor Project maintainers are also accusing CloudFlare of adding cookies to Tor traffic sessions so they could track users. Furthermore, Tor Project members found it very difficult to engage with the company and talk with someone about all these issues.
Currently, Tor Project maintainers are thinking of adding a message that would read “Warning this site is under surveillance by Cloudflare,” whenever Tor users would be accessing a CloudFlare-protected website.
Other companies also discriminate Tor users
The practice of discriminating Tor users is not something that’s specific to CloudFlare only. A recent study by eight researchers from the UK and the US has come to the same conclusion.
The researchers found that over 1.3 million websites actively block connections from the Tor network, including 3.67% of Top 1,000 Alexa sites.
The Tor Project is very well aware of this issue, and even maintains a list of services that actively block its users.
Outside these, there were also numerous sites that even if they don’t block Tor traffic, they make it extremely uncomfortable for Tor users to navigate and use their services.
Many sites are using CAPTCHA challenges or are limiting access to some of their services’ features (Yahoo and Google, for example). In their study, researchers concluded that while not ideal, showing CAPTCHA challenges is a much more appropriate solution to dealing with Tor users than blocking them altogether.
While multiple studies have shown that the Tor network is often leveraged for cyber-attacks, researchers said that it would not be fair to discriminate against all users because of a few rotten apples.