[tor-mirrors] Testing cloudflare on a mirror of tor's website

Andrew Lewman andrew at torproject.is
Wed Sep 10 01:05:21 UTC 2014

On 09/09/2014 06:09 PM, Moritz Bartl wrote:
> With the current structure of mirrors, we already rely on 3rd parties
> with whatever policy they have. I don't think Andrew is actually
> suggesting to move the main site or main mirrors over there.

Correct. The point was to run an experiment and see what cloudflare will
actually cache and serve. Lots of mirror ops have asked about using

I'll highlight the key sentence in my email:

"The results are that using cloudflare doesn't offload the binaries,
which are what make up the bulk of traffic on the mirror."

Since the binaries are served up by the actual site and not cloudflare,
there isn't much point in using cloudflare. The only real point I see is
what Moritz highlights:

"It might actually allow some users to reach a mirror for which other
mirrors are blocked."

Unless some company/country are going to block all of cloudflare or a
CDN, our mirrors can still be reachable. This is the same idea that
David Fifeld is counting on with the meek transport using Google App
Engine. Blocking all of Google seems a huge cost vs the gain of stopping
some tor users.

The alternative is that cloudflare/cdn/google kick us off their systems
to avoid being blocked.

pgp 0x6B4D6475

More information about the tor-mirrors mailing list