-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Website blacklists Tor exits #1
Comments
This is an excellent place to report the issue, thanks for letting us know. Our simple-minded hosting service responds to excessive failed login attempts to web panels by blocking the IP address, so now a variety of Tor exit nodes are blocked. They can also only add whitelisted IP addresses one at a time. sigh I'll work on a resolution this. |
Currently Tor users are not outright blacklisted, but they are required to pass CloudFlare CAPTCHAs, which are bothersome (the CAPTCHAs often take many tries; I've had to solve 6-7 in a row before), unnecessary (I highly doubt that much abusive traffic is coming from GET requests, so whitelisting GET requests would be much less disruptive to Tor users while not resulting in much extra abuse), and a security issue (the CAPTCHAs usually fail when Javascript is disabled, and many people in your target audience disable Javascript in TorBrowser to protect against deanonymization Firefox zero-days). There are also issues with CloudFlare being what in anonymity research is called a "global active adversary", i.e. they can fiddle with traffic in a very large number of connections, which makes a lot of deanonymization attacks easier if CloudFlare is either evil or simply compromised (maybe by an NSL or court order, or maybe by technical attacks). This is still definitely better than simply blocking all the Tor exits, but improving this situation would be most welcome. I had to read the wallet privacy report by grabbing the PDF from GitHub (which doesn't discriminate against Tor), which I doubt many people will think to do. Cheers. |
Hi,
I'm not sure if this is the right place to post this, but it seems that http://www.openbitcoinprivacyproject.org/ is blacklisting Tor exits. When visiting in TorBrowser I get the following message:
Switching circuits doesn't help. I assume this is not an intentional policy of OBPP and rather some kind of misconfiguration... any chance someone could look into this?
Thanks.
The text was updated successfully, but these errors were encountered: