Hacker News new | ask | show | jobs
by occultist_throw 3193 days ago
Indeed. If I recall correctly, it was when there was a 200+ comment thread with the top comment being about abusing Tor users WRT Cloudflare. I believe the CEO showed up, and then later ran an internal test on engineers forcing all of them to run through Tor.

For a short while, it was significantly better. It probably lasted for 3-5 weeks, and then things fairly quickly progressed back to their usual, namely being captcha hell.

(Request first page, do captcha, click on next link, do another captcha, go back to first page, do captcha... wash rinse repeat.)
1 comments
jerheinze 3193 days ago
Are you sure that you're using the Tor Browser? If you're shoving up your browser's traffic through Tor and its header is different from the Tor Browser you'll in most cases end up with a captcha.

Edit: Also the event you described happened much earlier than when the drop of Cloudflare captchas happened, which was around if I remember correctly when Google announced "invisible captchas".

link
nilved 3193 days ago
So how is that a solution? The problem is that Cloudflare blocks Tor, not Tor Browser: not every Tor user uses Tor Browser.
link
occultist_throw 3193 days ago
> So how is that a solution?

Well, it's not.

> The problem is that Cloudflare blocks Tor, not Tor Browser: not every Tor user uses Tor Browser.

Except the advice is, even when it does block Tor Browser, as they say it doesnt, the answer is to use Caching services.

The problem here is, it's now taboo to call these issues out. My posts' scores are -3, -1, and 1... I highlight this because it hid my main post. And alas, "-1" is used to silence legit grievances.

link
jerheinze 3193 days ago
> So how is that a solution? The problem is that Cloudflare blocks Tor, not Tor Browser: not every Tor user uses Tor Browser.

Well then they did a favor to you and you should thank them, if you're using Tor without the Tor Browser chances are big that you're screwed by your fingerprint and lack of first party isolation and stream isolation, see the 2nd last paragraph here for example https://news.ycombinator.com/item?id=14583699

link
nilved 3190 days ago
The Tor bundle is necessarily less secure than something like Qubes. Tor and the browser should be separate. Advanced users are capable of evading fingerprinting in exactly the same way.
link