CloudFlare wants Tor to change or risk roadblocks
Thu 31 Mar 2016
Content delivery network provider CloudFlare has asked to work with the Tor Project to implement solutions that will allow users of the anonymity-providing web browser to avoid blocks, CAPTCHAs and a growing list of other impediments that seem to signal a war between Tor users and regular network traffic.
The California-based company, which provides free and paid CDN services to two million sites around the world, commonly forces traffic from the Tor network into CAPTCHA blockades because of the prevalence of criminal activity on it. CloudFlare co-founder Matthew Prince writes that 94% of the requests that CloudFlare logs across the Tor network are ‘per se malicious’. ‘That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network.’ The post also claims that 6.5 trillion spam messages per year are sent to email addresses that are harvested by spambots using the Tor network.
Prince suggests that the number of CAPTCHA challenges could be reduced if Tor adopted a plugin that could send ‘a cryptographically secure but anonymous token to services like CloudFlare in order to verify that the request is not coming from an automated system’. Draft code for the plugin has been provided by CloudFlare on GitHub.
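One way such a token can be ‘cryptographically secure but anonymous’ is a blind signature: after the CAPTCHA the browser has the CDN sign a hidden value, later presents the unblinded signature, and the CDN can verify it without being able to tie it back to the issuance. The block below is an added illustration, not CloudFlare’s draft plugin; it assumes textbook RSA blind signatures with SHA-256 as the hash-to-integer, which the page does not specify.

```python
# Added demo, not CloudFlare's code: RSA blind-signature "CAPTCHA solved" tokens (toy 512-bit keys).
import hashlib, math, secrets
h = lambda token: int.from_bytes(hashlib.sha256(token).digest(), "big")   # 256-bit hash, so < n

def is_probable_prime(n, rounds=32):   # Miller-Rabin; n is assumed odd and > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1:
            continue
        for _ in range(s):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True

def gen_keypair(bits=512, e=65537):    # issuer key pair (n, e, d)
    def prime(k):
        while True:
            c = secrets.randbits(k) | (1 << (k - 1)) | 1   # top bit set, odd
            if is_probable_prime(c):
                return c
    while True:                        # retry if e is not invertible mod phi
        p, q = prime(bits // 2), prime(bits // 2)
        if math.gcd(e, (p - 1) * (q - 1)) == 1:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def blind(token, n, e):                # client (plug-in): hide h(token) behind random r
    r = secrets.randbelow(n - 2) + 2   # gcd(r, n) != 1 only with negligible probability
    return (h(token) * pow(r, e, n)) % n, r

def sign_blinded(blinded, n, d):       # issuer: once per solved CAPTCHA; never sees the token
    return pow(blinded, d, n)

def redeem(token, sig, n, e, spent):   # issuer: genuine signature, and not yet spent?
    if pow(sig, e, n) != h(token) or sig in spent:
        return False
    spent.add(sig)                     # single use from now on, so replay fails
    return True

def run_protocol():                    # one issuance, then three redemption attempts
    n, e, d = gen_keypair()
    spent, token = set(), secrets.token_bytes(32)            # client-chosen nonce
    blinded, r = blind(token, n, e)
    sig = sign_blinded(blinded, n, d) * pow(r, -1, n) % n    # unblind: r cancels out
    return [redeem(t, sig, n, e, spent) for t in (token, token, b"forged")]   # [True, False, False]
```

The issuer only ever stores the signatures it has accepted, so it can stop replay without learning which CAPTCHA solve produced a given token.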
The offer of compromise comes in the wake of a heated comments-section debate over the last five weeks beneath an already inflammatory post at the Tor Project entitled ‘Issues with corporate censorship and mass surveillance’. The initial post numbers CloudFlare among many ‘Global Active Adversaries’, and notes that one Tor user had to fill out 17 CAPTCHAs on a single domain in order to browse it.
The subsequent comments thread represents an extensive and lively dialogue between Tor and CloudFlare, with particular emphasis on the CAPTCHA issue. CloudFlare representatives claim during the thread (and in yesterday’s official post) to have fixed an issue where a new CAPTCHA was presented to the user every time the Tor browser switched circuits, inspiring a caustic response from one Tor user:
‘Tor Browser will use a different circuit and a different cookie for each domain name. Users will continue to be required to solve thirty different CAPTCHAs a day for each blog, news sites, and other service providers they visit…To make an uneasy parallel, this is like street harassment. Men harassing women can happily think it’s nothing because they are only doing it once, while women have to endure tens (or more) harassers every single day. It adds up fast.’
CloudFlare nonetheless claims to have now resolved the issue:
‘We [made] a change based on the experience of having to pass CAPTCHAs ourselves that treated all Tor exit IPs as part of a cluster, so if you passed a CAPTCHA for one you wouldn’t have to pass one again if your circuit changed. Over the last twelve months we’ve made incremental progress toward our goal of finding some way to provide a CAPTCHA that distinguishes automated and human traffic without being too inconvenient for the humans — but we’re not there yet.’
Prince also suggests in his post that CloudFlare is considering adopting stronger encryption than the SHA-1 algorithm it currently uses, a solution that seems likely to aggravate Tor’s already significant latency problem – and it can be argued that Tor’s ‘blind routing’ already adds more anonymity than is likely to be gained by beefing up the encryption protocol at the cost of usability.
Prince additionally notes that website providers could follow the example of Facebook and create dedicated .onion sites, which obviate the need for Tor to exit into conventional traffic. The likely objections to this are based around the significant costs of syncing traditional and Tor-based domains, a prospect unlikely to worry a provider at the level of Facebook.
Prince’s pro-privacy stance on CloudFlare’s behalf is treated with great cynicism in the Tor thread. One commenter posted: ‘If [CloudFlare] said fuck tor and blocked everything, they know there would be some quick reaction. With this strategy of keeping the service minimal, while engaging in discussions to give the impression they care, the Tor users are effectively blocked for a longer period of time.’
Comment
To the casual observer of this very lively conversation, the core issue does not appear to be technical in nature. CloudFlare have proposed a considerable number of solutions to the CAPTCHA blockades, but all of them require degrading either the Tor service (such as full 160-bit SSL hashes, likely to slow the service to a crawl) or the anonymity it provides (such as a plug-in that makes special communication to CloudFlare in cases where a CAPTCHA might otherwise be encountered). The same major force seems to be at work here as has played out between Apple and the FBI in the last two months.