I do not believe cloudflare on your first link (that they treat tor ips like any ips).
I can tell you from experience that I have never connected to a cloudflare backed site with tor that didn't require multiple captchas. So every tor ip is hostile to cloudflare sites? If so, how is that practically different than just blocking tor?
I think that if you read the response at your first link again, you can see that they are implying what you are saying, but that are not saying what you are saying. I think they are blocking tor, but explaining it in a diplomatic way.
> My link was a direct response to your second link.
Yes, and they only take issue with the the claim that 94% of Tor requests to Cloudflare are malicious. It's a shame that Cloudflare hasn't responded with the data they requested, and it's fair to hold that against them. But I'm also not aware of a response from Tor regarding Cloudflare's desire to make automatic SSL certificate generation possible for .onion addresses.
As a huge fan of both organizations, I wish they would act like adults and work together, rather than spend so much time pointing fingers.
> If so, how is that practically different than just blocking tor?
Because Cloudflare allows their web sites to disable CAPTCHAs for Tor if they choose to.
> I think they are blocking tor, but explaining it in a diplomatic way.
We'll have to disagree on that. The Cloudflare post outlines not one, but two ways that the two organizations could work together to solve the problem.
But again, I agree it would be great if Cloudflare would release more detailed data about the attacks they see from Tor.
OP blog post claims 96% of the traffic going to their tor hidden service is hostile. It doesn't seem unreasonable to me at all that every tor ip is hostile.
so you manually looked up the provider of every site you visited?
sounds like 100% of cloudflare sites that are configured to require captchas require captchas.
Mitigating abuse while supporting the TOR ecosystem is an open problem and they have certainly done more than any other CDN afaik to explore ways to allow legitimate TOR users past their firewall. Unfortunately, if I remember correctly the solution involves tracking IDs which can deanonymize users.
I had an idea a while back of a distributed, anonymous reputation system with rotating tokens. I still believe this is a better solution than the permanent tracking IDs currently used and maintained by other companies. It would return control to the user.