    Sites that block Tor

    Revision 19
    © by
    All rights reserved.

    Analysis of possible rationales for blocking Tor users

    The justifications that website owners might adopt for blocking Tor users can often be deduced or just reverse-engineered. Sometimes they remain mysterious but interesting to ruminate on.

    Argument 0

    Because some companies make money by selling information about you to advertisers and governments, they want to block or impede Tor users because they can't figure out who you are.

    Known to be blocking:

    • Google search: requires entering a Captcha (sometimes many times).
    • Pinterest: prevents any use of the site.
    • CloudFlare: requires Captcha. Could it be they are selling out visitors to CloudFlare-hosted sites?

    The CloudFlare impediment affects many websites that might not normally choose to block anonymous users, including:

    • Voat
    • www.GlobalResearch.ca
    • TechDirt.com AKA floor64
    • Wireshark.org
    • SuperUser.com ; ServerFault.com; StackExchange.com

    It appears the website owner can require an arbitrary number of captchas.

    CloudFlare hosts Hacking Team, which is an Italian company that provides tools for dictators allowing them to oppress dissidents and minorities.

    Argument 1

    Because scammers will be inclined to use Tor to access free email services in order to perpetrate phishing attacks, or to lure their marks toward drive-by hacking attack sites, or other nefarious purposes, it is not unreasonable to block Tor users from accessing free online email accounts.

    Known to be blocking:

    • AOL mail: prevents login.
    • Gmail: prevents sign-up without mobile phone number; not just for two-factor, it is to identify you.
    • GMX mail: prevents sign-up altogether.
    • Yahoo mail: prevents sign-up without mobile phone number.
    • Yandex mail: does not respond to click on Create Account button.
    • Inbox.com: can create account but prevented from viewing the inbox.
    • GuerrillaMail.com: the Captcha no longer works.

    Note that inbox.com does not always enforce HTTPS, so your email contents may be visible to others in a public Wifi situation.

    Argument 2

    Because it is proven that people are being paid to post fake reviews of businesses and products (job ads for such gigs are conspicuous online), it is not unreasonable for online services that depend on accurate reviews to block Tor users.

    Known to be blocking:

    • Yelp: no access whatsoever.
    • Amazon.com: a message says it is blocking robots... but not paid reviewers?

    Note that businesses have many ways to manipulate Yelp and Amazon reviews, regardless of Tor access, the chief among them being to pay large numbers of contractors to write phony reviews in click farms.

    Argument 3

    Because online dating users are the target of scammers who induce gullible victims to, for instance, send money abroad, it is not unreasonable to block Tor users from online dating sites because dating sites may want to block scammers by region (Nigeria) or ISP (e.g. Kyivstar).

    Known to be blocking:

    • OKCupid: They also do not provide non-Tor users with HTTPS connections for non-login browsing.
    • POF.com: They also do not provide non-Tor users with HTTPS connections at all.
    • Match.com AKA Meetic: They pretend to be down for maintenance to Tor users.

    The fact that these two companies traffic in users' information and do not use SSL for web users is a bit suspicious and disturbing and could mean they are willingly complicit with government profiling of citizens. If that is the case, it would certainly explain the personality profiling questions that companies claim are meant to help users meet just the right bots love interests.

    Argument 4

    Because grassroots commerce sites like Craigslist and freelancer websites like Elance are sometimes used by scammers to induce people into sending money abroad and performing free labor, respectively, it's reasonable to block Tor users.

    However, Craigslist does not successfully block foreign scammers. They just block Tor.

    The commonest housing scam is perhaps one that fools Craigslist users into sending money to a landlord who has recently moved overseas. In reality, the scammer is not a landlord and has nothing to do with the property in question.

    One example of a free-labor scam involves translation companies that ask prospective translators to prove that they are skilled at translating by doing a translation of just one or two paragraphs of sample text. In reality, the scammer took a document, broke it into several pieces and sent each one to a wannabe translator, none of whom will ever be paid.

    • Craigslist: prevents viewing ads.
    • TaskRabbit: cannot sign up.
    • Elance: perhaps to block scammers looking for free labor from desperate people.

    Argument 5

    Because website scrapers are using retail websites to obtain pricing data that consumers could use to compare prices at different retailers to find the best deals e.g. using apps that scan barcodes, retailers are inclined to block Tor users lest it be used by scrapers. This is bad for consumers and good for retailers.

    • Sears.com: perhaps to prevent scraping via Tor.
    • Frys.com: perhaps to prevent scraping via Tor.
    • Walmart.com: complete blockage, perhaps to prevent scraping via Tor.
    • Bestbuy.com: presumably due to online reviews or to prevent scraping.

    Argument 6

    Because a website is providing paid-for data that competitors would like to scrape and thereby use without paying for it, websites will be inclined on principle to block Tor users. Real estate data is the prime example.

    Or perhaps the company that provided the data is requiring that Tor users be blocked.

    This justification for blocking Tor users would not prevent people from scraping at an Internet café, or via a borrowed Wifi connection, or at a university, or from overseas. Therefore blocking Tor users is somewhat futile.

    • Trulia.com: complete blockage.
    • Redfin.com: complete blockage.
    • Realtor.com, i.e. Move: complete blockage.

    Argument 7

    Because governments want to know which citizens are concerned about corrupt politics and government wrongdoing, they want to block or undermine Tor users, who unlike non-Tor users can't be identified.

    Known to be blocking:

    • Senate.gov: says Access Denied to http://serve-403-www.senate.gov/.

    Argument 8

    Because some people might attempt attacks such as SQL injection via Tor, and we website owners are much too lazy or ignorant to secure our systems, or we are newbies, let us simply block Tor and force all such attacks to be done without Tor.
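
    An added example (not from the original page) of why the Argument 8 approach does not work: a login check guarded only by a Tor blocklist stays injectable from every other address, while a parameterized query rejects the same input regardless of where it comes from. The table, addresses and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a documentation-range address stands in for a
# Tor exit node (a real deployment would load a published exit list).
TOR_EXITS = {"203.0.113.7"}

def make_db():
    """In-memory database with one constructed user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_blocklist_only(db, src_ip, name, password):
    """The Argument 8 approach: refuse Tor, leave the query injectable."""
    if src_ip in TOR_EXITS:
        return "blocked"
    # Vulnerable on purpose: user input is concatenated into the SQL text.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return "granted" if db.execute(sql).fetchone() else "denied"

def login_parameterized(db, src_ip, name, password):
    """Fix the query itself; src_ip is accepted but deliberately unused."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = db.execute(sql, (name, password)).fetchone()
    return "granted" if row else "denied"

def compare():
    """Send the same textbook tautology input from a Tor and a non-Tor address."""
    db = make_db()
    payload = "' OR '1'='1"
    results = {}
    for label, ip in (("tor", "203.0.113.7"), ("non_tor", "198.51.100.20")):
        results[label] = (
            login_blocklist_only(db, ip, "alice", payload),
            login_parameterized(db, ip, "alice", payload),
        )
    return results

if __name__ == "__main__":
    for source, outcome in compare().items():
        print(source, outcome)
```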

    Related: IBM Tells Companies To Block Tor On Security Grounds.

    Unrelated: IBM's Role in the Holocaust -- What the New Documents Reveal

    Argument 9

    Given that package shipment information can in theory be intercepted, and can then be used to track and steal delivered packages, it may be reasonable to block Tor users from obtaining package delivery status, so that information about thieves accessing delivery info can be recorded.

    Package tracking information could also be used by spooks to seize electronics and implant spying technology.

    How do they get access to delivery info?

    • Reading unencrypted mail traffic on public Wifi.
    • Or by hacking into mail servers to read emails.
    • Or providing bogus Wifi hotspots that decrypt traffic (Man in the Middle attack) e.g. mail or Fedex/UPS/DHL site visits.

    • USPS.com: intermittent blocking.

    Somewhat murkier, rather suspicious

    Some websites have instituted blockage of Tor users for less clear reasons.

    • Hacker News (Y Combinator): Perhaps symbolic to show Silicon Valley leaders are globalists, not libertarians.
    • Wikimedia downloads page: Why not, if Tor users are smart enough to see through Wikipedia fake news?
    • Gutenberg.org: This could mean they wish to help spooks track what you read.
    • Webchat.Twit.tv: They dislike or do not want anonymous commenters in their chat for some reason.
    • Sitecheck.Sucuri.net: This could mean they wish to help spooks track what you scan.
    • Coffee houses, e.g. Coffee and Tea Leaf: security theater.
    • Restaurants, e.g. Panera Bread: security theater.

    Useful Tor-friendly services

    • TorBirdy: The Thunderbird plugin that sends all email through Tor. But what about the Tor<-->server connection?
    • MailDrop.cc: A place to receive emails that is bizarrely not available as HTTPS.

    © Zack Smith