[tor-talk] CloudFlare blog post

Thu Mar 31 16:27:24 UTC 2016

On 3/31/2016 12:25 AM, Andreas Krey wrote:
> On Wed, 30 Mar 2016 15:19:09 +0000, Joe Btfsplk wrote:
> ...
>> At times, Cloudflare or some sites may say, "Gee, whiz - we're not
>> blocking TBB intentionally.  We're working on a solution."
>> But I don't buy that  100%.  It's possibly just a politically correct
>> excuse vs. saying, "We can't track you around the globe / make $, so we
>> don't want you taking up bandwidth or other resources (like site tech
>> support, etc.).
> It would be quite a lot of effort to do that this way, especially since
> the (preliminary) outcome is the same - sorry, it won't work any better.
>
> What I wonder is how they want to make a difference using .onion addresses
> for their customers - tor crawlers can take that redirect just so.
Andreas, sorry - don't understand part of your comment.
"It would be quite a lot of effort to do... *what?*... this way... - 
sorry, it won't work any better."
Are you saying they it's a lot of effort for them to block Tor / TBB?  
Or any browser - with any particular addons / plugins, settings, for 
that matter?  I'm no expert, but IIUC, it'd be very simple.
Just script,  If Browser=TorBrowser, then captcha response = 
"incorrect."  Or TBB users must enter correct captcha a minimum of X 
times before accepting, etc.
>> And for all the other sites that don't use Cloudflare (or other
>> unsolvable captchas), but don't block TBB, if _"90+% of all Tor traffic
>> attempts something malicious_," then how in the world do all those sites
>> stay in  business / stay up & running?
> 90% of tor traffic isn't 90% of total traffic.
True.  Neither CloudFlare CEO nor I said it was.  He said, " ... "94% of 
requests that we see across the Tor network are _per se_ malicious," 
(what ever he means) w/o backing up the statement.
Again, if what CloudFlare CEO said is true, I don't see how other sites 
not using thier captchas & blocking Tor, keep running.
I've seen Cloudflare on low value target sites, like wood screw mfg info 
sites & similar.  Unless other screw mfgs are sabotaging them, I doubt 
much malicious activity is directed at such sites.

94% is saying essentially ALL Tor traffic / requests are "per se" 
malicious or use inordinate amt of resources.  That leaves me & 6% of 
users that aren't.
Maybe ? he's counting crawler *individual* requests - page by page - as 
malicious?  They might make many more requests than real users, thus the 
94% claim?

His statement(s) & reasoning about blocking Tor still seem strange.  As 
they say, "follow the money trail."  "Money trumps all other reasons / 
motives."
I still say trackers aren't going to pay sites for TBB traffic. Don't 
say, "You're using Tor - get lost" - bad for public relations.  Instead, 
play dumb & covertly discourage (some) Tor users  - so they access the 
site w/ unhardened browsers.

Can't sites tell the difference in actions of crawlers & real users?
I'm sure some use browsers other than TBB for crawling & malicious 
activity.  Can't sites block / time-out crawlers from continuing to 
access entire site, once it becomes apparent - regardless of which browser?

I get "time outs" from making 2 very narrow term searches in < 2 min. or 
so, on some sites I'm registered on & participated - for a long time.
Why can't sites do the same w/ crawlers' rapid, repeated requests?

>   Also, e.g. those sites
> will just see that the email addresses they publish are getting spammed,
> but they won't even make the connection to crawling via tor.
>
Don't get the connection between this & the issue of Tor being blocked 
by Cloudflare.