Joe Mullin
More than ever, websites are blocking users of the anonymizing Tor network or degrading the services they receive. Data published today by Web security company CloudFlare suggests why that is.
In a company blog post entitled "The Trouble with Tor,"
CloudFlare CEO Matthew Prince says that 94 percent of the requests the
company sees coming across the Tor network are "per se malicious." He
explains:
That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.
A graph in the blog post shows that nearly 70 percent of Tor
exit nodes were listed as "comment spammer" nodes at some point over
the last year.
It's difficult to monitor individual browsers that are using
Tor. "And that's a good thing," Prince writes. "The promise of Tor is
anonymity... while we could probably do things using super cookies or
other techniques to try to get around Tor's anonymity protections, we
think that would be creepy and choose not to because we believe that
anonymity online is important."
Starting last month, CloudFlare began treating Tor users as their own "country" and now gives its customers four options of how to handle traffic coming from Tor.
They can whitelist them, test Tor users using CAPTCHA or a JavaScript
challenge, or blacklist Tor traffic. The blacklist option is only
available for enterprise customers.
As more websites react to the massive amount of harmful Web
traffic coming through Tor, the challenge of balancing security with the
needs of legitimate anonymous users will grow. The same network being
used so effectively by those seeking to avoid censorship or
repression has become a favorite of fraudsters and spammers.
The study on Tor published last month
shows some of the limits already being placed on Tor users. Wikipedia,
for instance, allows them to read but not edit articles. Google allows
home page access but increasingly presents CAPTCHAs or block pages to
Tor searchers. Bank of America won't allow a login from Tor.
Websites like yelp.com, macys.com, and bestbuy.com, which
use Akamai and Amazon Web Services, are currently blocking between 60
and 70 percent of Tor exit nodes, according to the same study.
Post a Comment