I'm not the guy you were talking to, but let me make one thing absolutely clear. You can't read that blog post on Tor because nobody is interested in making things "actually work" for you, because you (and the other people who won't or can't not use Tor for five minutes) don't matter to them. It's not a security fetish, it's just sensible prioritisation. They'll get around to you after every other bug is ironed out, their desk is clean, they've been on their weekly 10k run, and they've flossed like they've been intending to for a decade now. They. Don't. Care.
The tor users / hackers / ransomeware folks? For sure - we agree there. Because claim handling costs are way up there is going to be building emphasis on following things like this DHS alert on how to protect your network.
We're rolling out tor blocking our sites where we didn't used to need that. I think more automated options as well will come (think cloudflare) which will help folks with this as well and maybe jam tor users into perhaps recaptcha loops or similar? Not sure what right solution is to filter out the tor users - hard block or try and detect and recaptcha etc.