by floatingatoll 1589 days ago
Tor provides anonymity without accountability; having some doors closed to all Tor users is the price paid for that anonymity. If that price isn’t acceptable, either modify Tor to allow more granular accountability in some privacy-protecting way, or don’t use Tor when accessing services that are closed to it.

I can use more or less all other websites with Tor fine, though. It's only Stack Overflow that insists on this nonsense. On most other sites, including this one, I can even make an account and post.

Is their site really so sensitive as to make reading with Tor impossible?

If "fine" means "answering a new captcha every time you blink" then yeah, every other website works fine on Tor.
In my experience, this has gotten better. That was CloudFlare, and they've stopped now. I can't think of a single site that requires CAPTCHAs for Tor users other than archive.is, actually.
Almost all torrent sites. Generally, "data" sites which people love to scrape and think that Tor is a good tool for that
archive.is wastes your time on captchas even if you're not using Tor
archive.is requires captchas for iCloud Relay users as well as blocking Cloudflare DNS users, so I wouldn’t consider them to be a Tor-specific example.
Good question. They might be trying to fight SPAM or else. Could just block posting, commenting and up/down voting...
Please define "fine", a majority of websites and services either outright block Tor or severely limit the traffic.
Tor generally doesn't work on Google services.
Is this actually true? I've often used Tor to access Google Docs and Google Maps and to my knowledge have never had a problem. In fact, I'm not even presented with Captchas.
YMMV. Google Search might as well be blocked completely, I guess they don't want to deal with all the SEO-targeting search queries that would otherwise come from Tor.
I guess they could just not generate any data from your searches, but I guess that defeats the purpose, now doesn't it? :)
> Is their site really so sensitive as to make reading with Tor impossible?

Very much so, strange if people here don't understand that, even at the best of times APTs could be discovered down the track by their SO queries, now compare today, with heightened tensions and certain nuclear armed superpowers talking about going to war with each other.

How is this even slightly surprising? SO is vital shit, if you don't agree feel free to null route the site the next time you have a major incident at work :)

There are public dumps of all the questions and answers; you'd imagine that anyone paranoid enough simply runs a local mirror.
Are you actually suggesting that SO/SE are blocking Tor because they intend to track all of their users by their IP addresses (or browser metadata), using national security as a justification?

I still do not understand how blocking Tor helps here. People who are concerned about their security will either use mirror sites, or use data dumps such as what is available at archive.org, or simply not use the SO/SE content at all. The number of users who will abandon Tor and the protection it provides for the express purpose of visiting SO/SE is negligible.

This move will not increase the number of persons who see SO/SE adverts or who are trackable by SO/SE. It will also not decrease the number of persons who will be able to access SO/SE content. So I continue to be mystified about the rationale behind this policy change.

If by 'accountability' you mean the ability for site ops to unilaterally de-anonymise Tor users, then no; Tor users will never agree to that.

If SE executives are really concerned about spam and vandalism by anonymous actors, then SE could Tor users to post assets in escrow (e.g. Monero) before posting. Similarly, if SE executives are concerned about denial-of-service attacks, then SE could rate-limit the sites that are causing the attacks; Tor is not efficient for that kind of attack anyway. There is no sound argument that blocking Tor entirely would further the interests of SE users.

This is the act of a monopolist in secular decline.

Tor is used for shady practices, just like proxies of old. SE has a lot of measures in place already to prevent shady practices. If 90% of traffic from Tor exit nodes is shady, why shouldn't they block Tor entirely?

If you access any website through Tor (or proxies) you're already more suspicious than the average user. If enough people cause trouble through Tor exit node IPs, it's only natural they get blocked.

Actually, there is no evidence that Tor is any shadier than the rest of the Internet, especially given that most attacks and vandalism originate from botnets and other compromised systems, not Tor.

Akamai published an analysis that affirms this:

https://web.archive.org/web/20170317110115/https://www.akama...

Great resource, a surprisingly clear and detailed introduction to the various attacks faced by websites!

The relevant part:

> "we concluded that approximately 1 in 380 http requests coming out of Tor is verified to be malicious, while only 1 in 11,500 http requests coming out of a non-Tor ip were verified to be malicious. In essence, an http request from a Tor ip is 30 times more likely to be a malicious attack than one that comes from a non-Tor ip."

Because 'shady' traffic does you more or less no harm, unless your web application executes arbitrary untrusted input?

For a serious site, the cost of allowing passive reading is going to be ~0.

Pure propaganda. I used to work at a top five web site, Tor never caused us any problems, our problems were 1) hacked university accounts from eastern Europe 2) China 3) Russia 4) super-fans trying to download every video and picture of their favorite porn star at once.

We occasionally had people upload child porn, they did it over the public internet and not Tor, our lead counsel was a former US district attorney, his hobby was doxing the uploaders and providing all the evidence and information to the authorities in a "ready to prosecute" package. I forget the exact number but I think he got almost a dozen people prosecuted and jailed.

I think it’s more like Tor traffic is 99.9999% less profitable.

“Legit” Users likely block ads, are unlikely to enter their credit card numbers because of MITM shenanigans and it’s one of the few browsers that takes non-fingerprintability of its users seriously.

If by 'accountability' you mean the ability for site ops to unilaterally de-anonymise Tor users, then no; Tor users will never agree to that.

If SE executives are really concerned about spam and vandalism by anonymous actors, then SE could Tor users to post assets in escrow (e.g. Monero) before posting. Similarly, if SE executives are concerned about denial-of-service attacks, then SE could rate-limit the sites that are causing the attacks; Tor is not efficient for that kind of attack anyway. There is no sound argument that blocking Tor entirely would further the interests of SE users.

A site looking to grow its influence would be more concerned with attracting new users than repelling them. This is the act of a monopolist in secular decline.

Not deanonymise, no.

Come up with a way for siteops to block someone and all their sockpuppet accounts, without knowing the underlying identity, and you’ll become a billionaire.

Without that, the only option we have today is deanonymization, which is a terrible option. We ought to do better.

It's really just a matter of balancing the difficulty of creating a new "identity", so that legitimate users can occasionally use multiple identities to partition their traffic and make it harder to get doxxed, but are still deterred from creating identities cheaply to engage in sybil attacks or escape blocks. There are various ways of committing real-world resources to an identity to deter such abuse. Actual meatspace identity is of course one way of doing this, but there are probably others.
That’s all plausible sounding, but no one’s connected the dots and done it yet. We’re still at “step 2: ???”.
What you are assuming is possible is a logical contradiction. To be able to recognise two persons as being the same is in fact the definition of de-anonymisation. Please check your math.
It is not a contradiction. See https://en.wikipedia.org/wiki/Zero-knowledge_proof as a somewhat similar example.
I'm not restricting my considerations to "the technology that is implemented and available to Tor users today", given that what's available neither meets the needs of sites, nor the needs of users. If you think that the idea is inappropriate, please state so and make your case for why you believe in your viewpoint. If you think that the idea is impossible, please note why you believe that — and then consider the idea as if it were possible.
This is not the spam or vandalism counter-measure, those work differently and only block posting to the sites. And you can avoid them if you establish a reputable account, they won't affect you anymore then.
If it is not to block spam, or vandalism, or denial-of-service attacks, then what is the purpose of this new policy?

To your other point, how can one establish a 'reputable account' if it is not even possible to access the site in the first instance?

Reputation is a feature of identity. Tor users are, by definition and intent, unidentifiable. Opting out of identification naturally opts one out of reputation, as is the case in reality as well — for example, Anonymous using Guy Fawkes masks to prevent reputation from being associated with their citizenship identity.

I don’t understand why Tor users would be interested in reputation at all, given the implicit identification it requires.

I could understand Stack Overflow blocking access to register/signup for Tor users to avoid abuse, as sometimes spammers use Tor, so that kind of makes sense.

But not allowing Tor users to even read the website? What's the justification for that? You couldn't even perform DDOS over Tor as the network speed is too slow, so Tor activity can't even be a blip in terms of usage activity for logged out users, so what's the deal here?

It might be interesting to have some sort of cryptographic identity that costs money to generate, and then gets associated with Tor in some anonymity-safe way. But the identity would need to somehow remain unidentifiable, so maybe that's not an identity after all. Tor has enough trouble with maintaining anonymity as is, with the lack of trust in the various routers because government runs many nodes in an attempt to identify Tor users.
There's no such thing as "granular accountability". It's binary...there's no in-between.
Of course there is. It depends on who might know you're on a certain website for example. My wife vs my best bud for example. One would hold me a lot more to account for some websites for example whereas my buddy couldn't care less.
Is avoiding accountability the whole point of anonymity?
For me anonymity can be a part of my privacy posture.