by D-Nice 1861 days ago
Why is every and any TOR and sometimes VPN user deemed a DoS attack... it discriminates against users who value privacy by forcing hCaptcha on them by default. Worst of all... it could be a de-anonymization attack as well, hence why I as a regular TOR user, just exit the page immediately when that happens.

For any of my pages that do happen to use Cloudflare, I am luckily able to disable this discrimination in the CP so kudos for that at least, but terrible defaults imo.

2 comments

Because that's a not insignificant portion of traffic they see from Tor and VPNs?

Tor has some absolutely valid and important use cases, but what percent of Tor exit traffic is actually someone trying to keep their traffic anonymous from the eyes of an oppressive regime, and what percent are script kiddies, or someone hiding torrenting from their ISP?

Are you one of those people that answers the door with a gun, even when you’re expecting a friend?

From experience, traffic via Tor was always 99%+ fraud.

You can conduct fraud by accessing public, read-only web pages? You can conduct fraud by searching on Google?

Those are the two I find repeatedly blocked when accessing via Tor. The former by Cloudflare, the latter by Google.

I use Tor to look up phone numbers that have just called me, to decide whether it's a good idea to answer. Since I don't want to be personally associated with such numbers I prefer to search anonymously. But often it's impossible to get a result.

Sometimes even spending 5 minutes solving captchas isn't enough. (I'd only spend that long to see if it's just an outlier. No, it's quite common.)

This creates an immense pressure to tell various services exactly who is phoning me, which is a terrible attitude to privacy.

Then don't use sites that are behind Cloudflare?

It's not your choice if the site owners/admins use Cloudflare. It IS your choice not to use those sites.

In practice the information I'm looking for is behind Cloudflare. There are other sites; they tend to lack the information.

There is no "don't use" if I want to get my task done.

I can choose not to obtain the information, but then I still have the problem I started with.

For the companies I worked for, we usually allowed Tor as read only. But net ops might override that, particularly when things moved to https traffic.

Well, if you keep throwing impossible captchas at them, no wonder that normal users just close the tab, but bots and fraudsters keep trying.