There have been issues in the past with Cloudflare and Tor, but I don't know what the current status of that is. Certainly they aren't blocking everybody, or we wouldn't see them.
The one thing HN itself does is moderate comments from brand new accounts that are posted using Tor. We do this because of past abuses by trolls. However, when such comments are good they routinely get restored by users using the 'vouch' feature, or, failing that, we often restore them ourselves. So even this isn't much of a restriction. The main problem is that it makes for a time delay between when a (good) comment gets posted and when other users get to see it.
That's what I'm interested in, I'll add it to my bookmarks and use it by default. I don't see why we want to involve exit nodes at all.
You can disable CloudFlare's tor-blocking  - I do on my static blog, as I don't see much value in putting a captcha in front of static content.
It'd give me an interesting conflict if I ever had, as I take Cloudflare captchas as a huge negative indicator of trust.
Now the UK is stepping up surveillance silliness I use the VPN rather more, and expect many others are, or will. Which today just means endless unintelligently implemented CAPTCHAs.
They're working on it! There will be a talk about this about Real World Crypto 2017 in January, see "Solving the Cloudflare CAPTCHA" on the RWC program: http://www.realworldcrypto.com/rwc2017/program.
Shame RWC don't put out videos of past talks - there's a couple of others look pretty interesting too.
(Funnily enough, Google stopped giving us captchas at the same time ;))
It is really annoying how to even read HN you need to jump through hoops. I can possibly understand commenting and posting being restricted, but there's not reason to block simple views, it's not like anyone is going to use tor for ddos.
Perhaps not DDOS, but yes, tor is absolutely used maliciously:
> Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious. That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.
For more details, you can try contacting the mods firstname.lastname@example.org (from a throwaway email?)
I'm all for anonymity. However, until the tor project puts some effort into outbound traffic filtering for exit nodes it is too much of a time sink and headache not to just blackhole it all on servers that either do not serve public content or where anonymity really isn't needed/justifiable.
I put the code I use to block tor exit nodes in the public domain. You can download it here: https://github.com/vab/torblock
It's obvious that if you have a flood of nefarious traffic like this then you should throttle the TOR traffic. Overblocking is outright blocking TOR with no reason other than because you can, and it leaves many legitimate users frustrated and feeling like the site just self-censored itself.
It would be suitable in these cases to strike a happy medium and allow some TOR traffic through, but throttle suspicious-looking requests like mini 'swarms' of TOR exit IPs hitting the site all at once, which I think HN does, because some TOR idens work, whilst others do not.
Personally I refuse to provide any company with material that can link back to my personal social sites. It's simply not worth it. I'm not going to sanitize my digital life for the purposes of getting hired. I don't even provide links to my github because people read too much into what is or isn't there trying to parse out some signal that doesn't actually exist.
(Similarly I don't want my reddit or tumblr accounts connected with my professional space, but I do want my github and linkedin accounts connected with my professional space, and I try to keep my facebook account generally respectable; these days it's mostly shares of 'Old Friends Senior Dog Sanctuary' pictures and if any employer doesn't like that they I don't want to work for them).
It's the quality of the debate, not the value of the position
Note that only applies to subjective topics. If you're commenting about a purely technical topic then the voting system does seem to work more effectively.
Nor does having downvotes cause any automatic placement adjustment.
I review their comments manually to tell me about the person. It's a qualitative evaluation, not purely quantitative.
> I use applicants HN score, and comments as hiring factors.
I get reviewing the comments manually, but what could you use the score for besides a group think filter? Might be great for a sales position ...
Criteria varies. Red flags (such as loads of flagged comments here), name calling, threats, "bad" things.
Once and applicant was dismissed from my process because their comments on social (not just HN) showed a severe distaste for "n00b JS". The position clearly identified use of these tools. The demonstrated attitude would be caustic to my team and my junior devs would suffer.
Since companies always have more applicants than jobs we can be choosy. I filter for social fit first.
I can teach you to code. I don't know how to teach you to be respectful.
Again, HN profile is one of 100s of factors we compare on applicants
HN is a work-related profile for some jobs.
Hiring is already a minefield. HN or social profiles are just one way for either candidates or employers to blow themselves up.
Example: claiming they are active in tech community and having low score.
Claiming they've been around a while and having young profile.
It's about matching claims to reality.
No applicant is obligated to share. The whole tell me details about yourself is the candidates choice.
Social media has no relevance to work performance.
There is more to the hiring process than just raw skill.
I mean, I don't even waste time with coding questions. It doesn't matter that you can code circles around someone else if you are a jerk.
I think HN has a serious case of "we take ourselves too seriousky" -- there shouldn't be a penalty for making a joke on a website.
I don't usually use Tor but I thought I'd test what OP's saying.