Those of you who read the CloudFlare post might also be interested in Tor Project's recent post questioning the 94% figure: https://blog.torproject.org/blog/trouble-cloudflare Joseph Lorenzo Hall <joe@xxxxxxx> wrote Thu, 31 Mar 2016 22:32:57 -0700: | IETF folks may be interested in this recent cloudflare post that outlines | some potential changes to Tor -- SHA-256 hashes for hidden service certs, | move proof-of-work into TorBrowser -- that could make this a bit more | robust against automated malicious activity (unfortunate title IMO): | | http://blog.cloudflare.com/the-trouble-with-tor/ | | On Monday, March 28, 2016, IETF Chair <chair@xxxxxxxx> wrote: | | > Based on earlier feedback on IETF discussion list, the IAOC has decided to | > ask the IETF network admins to make a change with regards to how our CDN | > serves clients coming from TOR networks. | > | > For background, our website uses a number of techniques to help combat | > denial-of-service attacks. One of these mechanisms was based on CAPTCHAs | > that were triggered, in particular, for some users when accessing the IETF | > web site for the first time and heuristically identified as coming from a | > TOR exit node. Once the CAPTCHA is passed, the user was able to browse | > normally. However, in the process of performing the CAPTCHA and accessing | > the IETF website, cookies and scripts are used, which was a concern for | > some users. | > | > Information on the IETF website is meant to be public, and should be | > openly accessible for as broad consumption as technically and practically | > possible. When there are groups of people whose access to the website is | > for some reason problematic, we try to accommodate better access, no matter | > who makes such request, within the bounds of what is practical, of course, | > and considering the potential effects of denial-of-service attacks and | > other issues. | > | > The change in our settings is to no longer perform CAPTCHAs or other extra | > mechanisms for clients coming from TOR networks. Behaviour for other users | > should not be affected, though it is an open question whether any | > significant denial-of-service attacks could be launched from these networks. | > | > Please note that the our admins are monitoring the situation, and have the | > ability to change this configuration at any time. So if the TOR exit nodes | > are the source of an attack, for instance, the configuration could be | > adjusted again. And of course, further actions regarding how the IETF | > website is run are based on our experiences from current and past setups, | > and your feedback. | > | > Jari Arkko, IETF Chair | > | | | -- | Joseph Lorenzo Hall | Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]e: joe@xxxxxxx, p: 202.407.8825, pgp: https://josephhall.org/gpg-keyFingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 | | CDT's annual dinner, Tech Prom, is April 6, 2016! | https://cdt.org/annual-dinner