[tor-dev] Advice regarding Cloudflare

Ryan Carboni ryacko at gmail.com
Sun Apr 3 05:31:29 UTC 2016

I could see why cloudflare is annoyed with you, you are annoying
activists from their perspective, although you folks aren't chaining
yourselves to coal power plants . But I also use Tor from time to
time, so I'll offer some advice.

On the Tor side, a way to minimize abuse is for exit nodes not to
allow multiple IP addresses from a single circuit. This would make web
crawling with Tor expensive, although it will disable the ability for
a single tab to use a single exit node.

Another method is to request a sort of proof of work on the Cloudflare
side. Given current protocols, the simplest would be to require ECDHE
with secp521r1 with each Tor connection and disallow unencrypted
connections. It will be more bearable than a captcha.

More information about the tor-dev mailing list