The Trouble with CloudFlare
Wednesday, CloudFlare blogged that 94% of the requests it sees from Tor are "malicious." We find that unlikely, and we've asked CloudFlare to provide justification to back up this claim. We suspect this figure is based on a flawed methodology by which CloudFlare labels all traffic from an IP address that has ever sent spam as "malicious." Tor IP addresses are conduits for millions of people who are then blocked from reaching websites under CloudFlare's system.
We're interested in hearing CloudFlare's explanation of how they arrived at the 94% figure and why they choose to block so much legitimate Tor traffic. While we wait to hear from CloudFlare, here's what we know:
1) CloudFlare uses an IP reputation system to assign scores to IP addresses that generate malicious traffic. In their blog post, they mentioned obtaining data from Project Honey Pot, in addition to their own systems. Project Honey Pot has an IP reputation system that causes IP addresses to be labeled as "malicious" if they ever send spam to a select set of diagnostic machines that are not normally in use. CloudFlare has not described the nature of the IP reputation systems they use in any detail.
2) External research has found that CloudFlare blocks at least 80% of Tor IP addresses, and this number has been steadily increasing over time.
3) That same study found that it typically took 30 days for an event to happen that caused a Tor IP address to acquire a bad reputation and become blocked, but once it happened, innocent users continued to be punished for it for the duration of the study.
4) That study also showed a disturbing increase over time in how many IP addresses CloudFlare blocked without ever removing them. CloudFlare's approach to blocking abusive traffic is incurring a large number of false positives in the form of impeded normal traffic, thereby damaging the experience of many innocent Tor and non-Tor Internet users, as well as impacting the revenue streams of CloudFlare's own customers by causing frustrated or blocked users to go elsewhere.
5) A report by CloudFlare competitor Akamai found that the percentage of legitimate e-commerce traffic originating from Tor IP addresses is nearly identical to that originating from the Internet at large. (Specifically, Akamai found that the "conversion rate" of Tor IP addresses clicking on ads and performing commercial activity was "virtually equal" to that of non-Tor IP addresses).
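To make the false-positive argument of points 1 through 4 concrete, here is a small model (added here; not code from the Tor Project or CloudFlare) of a shared exit IP under an IP-reputation list. One function measures what share of legitimate requests is blocked when a listing is sticky versus when it lapses after some abuse-free days; the other shows that under a sticky policy the share of listed exits can only grow. All request counts and abuse dates are constructed for illustration.

```python
# Added example: a toy model of how an IP-reputation list treats a Tor exit
# IP shared by many users. All numbers here are constructed, not measured.

def legit_requests_blocked(abuse_days, days, legit_per_day=1000, expiry=None):
    """Return (blocked, total) legitimate requests over `days` for one exit IP.

    abuse_days: days on which some abuser sent spam through this exit.
    expiry: None = sticky listing that is never removed (the behaviour the
            post describes); an int = listing lapses after that many
            abuse-free days.
    """
    last_abuse = None
    blocked = total = 0
    for day in range(days):
        if day in abuse_days:
            last_abuse = day
        listed = last_abuse is not None and (
            expiry is None or day - last_abuse < expiry)
        total += legit_per_day
        if listed:
            # Every request from a listed IP is treated as malicious,
            # regardless of which user behind the exit actually sent it.
            blocked += legit_per_day
    return blocked, total


def listed_share_per_day(exits_abuse_days, days):
    """Share of exit IPs on a sticky list at the end of each day.

    exits_abuse_days: one set of abuse days per exit IP. With no removal,
    the curve is monotonically non-decreasing (point 4 of the post).
    """
    first_abuse = [min(a) if a else None for a in exits_abuse_days]
    shares = []
    for day in range(days):
        listed = sum(1 for f in first_abuse if f is not None and f <= day)
        shares.append(listed / len(exits_abuse_days))
    return shares


if __name__ == "__main__":
    # One exit, a single spam event on day 30 of a 100-day window.
    b, t = legit_requests_blocked({30}, 100)
    print(f"sticky listing: {b / t:.0%} of legitimate requests blocked")  # 70%
    b, t = legit_requests_blocked({30}, 100, expiry=7)
    print(f"7-day expiry:   {b / t:.0%} of legitimate requests blocked")  # 7%
    # Ten exits whose first abuse event lands on days 5, 15, ..., 95.
    fleet = [{10 * i + 5} for i in range(10)]
    print([f"{s:.0%}" for s in listed_share_per_day(fleet, 100)[::10]])
```

The sticky case is the one that matches the post's description: a single abuse event on day 30 condemns seven tenths of all legitimate traffic that follows, and the fleet-wide listed share never comes back down.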
CloudFlare disagrees with our use of the word "block" when describing its treatment of Tor traffic, but that's exactly what their system ultimately does in many cases. Users are either blocked outright with CAPTCHA server failure messages, or prevented from reaching websites with a long (and sometimes endless) loop of CAPTCHAs, many of which require the user to understand English in order to solve correctly. For users in developing nations who pay for Internet service by the minute, the problem is even worse as the CAPTCHAs load slowly and users may have to solve dozens each day with no guarantee of reaching a particular site. Rather than waste their limited Internet time, such users will either navigate away, or choose not to use Tor and put themselves at risk.
Also see our new fact sheet about CloudFlare and Tor: https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf
> What's the point of sophisticated methods to avoid censorship on ISP level when all exit nodes are blocked by a majority of websites?
That is a good point. CloudFlare could eventually make Tor almost unusable for most surfers, which would thwart our attempts to convert a sizable fraction of ordinary citizens into regular users of Tor Browser and other TP products. Which is critically important to
* wean TP from the USG teat,
* grow our user base and thus our political leverage,
* better protect anonymity.
But I can't agree with this:
> In my view services like cloudflare are by far the greatest threat for the tor project.
I think the biggest threat is by far the very real possibility that the USG will attempt to outlaw Tor Browser, and to designate Tor Project as an "illegal organization". Currently, I believe the most worrisome scenario involves intolerable pressure being brought upon Debian Project (upon which Tails and much of Tor development work relies), Tor Project, or individual developers to abuse their cryptographic signing keys by "authenticating" a Debian software update or a Tor Browser bundle tarball which have been maliciously modified by state-sponsored attackers--- today USG; tomorrow India, Kazakhstan, Nigeria...
> today USG; tomorrow India, Kazakhstan, Nigeria
ha! there's that formula again!
"the real concern is that all this nastiness will later end up in the hands of
because even when the USA has the most developed surveillance apparatus on earth, it isn't actually oppressive, we are good guys you know, we have our checks and balances after all!"
yanks seriously are brainwashed, xD
The Debian project has already recognized this threat. This is part of the reason they are so interested in reproducible builds.