zsmith.co

Sites that block TOR

Revision 20
© 2015-2018 by Zack Smith. All rights reserved.

Analysis of possible rationales for blocking TOR users

The justifications that website owners might adopt for blocking TOR users can often be deduced or just reverse-engineered. Sometimes they remain mysterious but interesting to ruminate on.

Argument 0

To protect you from yourself. Using TOR makes you a target of surveillance. The TOR infrastructure and browser were originally intended by its creators in the government for use by spooks to protect their identities and activities in the field. So of course all your packets will be recorded, and TOR nodes will be monitored, and other non-TOR traffic from your IP address will be recorded so that some day, with enough computing power, it can be decrypted. Furthermore, given the origin of TOR, what impediment do you think might exist to not embed spyware in the TOR browser? None of course.

Argument 1

Because some companies make money by selling information about you to advertisers and governments, they want to block or impede TOR users because they can't figure out who you are.

Known to be blocking:

Google search requires entering a Captcha (sometimes many times)
Pinterest prevents any use of the site
CloudFlare requires Captcha: could it be they are selling out visitors to CloudFlare-hosted sites?

The CloudFlare impediment affects many websites that might not normally choose to block anonymous users, including:

  • Voat
  • www.GlobalResearch.ca
  • TechDirt.com AKA floor64
  • Wireshark.org
  • SuperUser.com, ServerFault.com, StackExchange.com

It appears the website owner can require an arbitrary number of captchas.

CloudFlare hosts Hacking Team, which is an Italian company that provides tools for dictators allowing them to oppress dissidents and minorities.

Argument 2

Because scammers will be inclined to use TOR to access free email services in order to perpetrate phishing attacks, or to lure their marks toward drive-by hacking attack sites, or other nefarious purposes, it is not unreasonable to block TOR users from accessing free online email accounts.

Known to be blocking:

AOL mail prevents login
Gmail prevents sign-up without mobile phone number-- not just for two-factor, it is to identify you
GMX mail prevents sign-up altogether
Yahoo mail prevents sign-up without mobile phone number
Yandex mail does not respond to click on Create Account button
Inbox.com can create account but prevented from viewing the inbox.
GuerrillaMail.com the Captcha no longer works.

Note that inbox.com does not always enforce HTTPS, so your email contents may be visible to others in a public Wifi situation.

Argument 3

Because it is proven that people are being paid to post fake reviews of businesses and products (job ads for such gigs are conspicuous online), it is not unreasonable for online services that depend on accurate reviews to block TOR users.

Known to be blocking:

Yelp no access whatsoever
Amazon.com a message says it is blocking robots... but not paid reviewers?

Note that businesses have many ways to manipulate Yelp and Amazon reviews, regardless of TOR access, the chief among them being to pay large numbers of contractors to write phony reviews in click farms.

Argument 4

Because online dating users are the target of scammers who induce gullible victims to, for instance, send money abroad, it is not unreasonable to block TOR users from online dating sites because dating sites may want to block scammers by region (Nigeria) or ISP (e.g. Kyivstar).

Known to be blocking:

OKCupid They also do not provide non-TOR users with HTTPS connections for non-login browsing
POF.com They also do not provide non-TOR users with HTTPS connections at all
Match.com AKA Meetic They pretend to be down for maintenance to TOR users

The fact that these two companies traffic in users' information and do not use SSL for web users is a bit suspicious and disturbing and could mean they are willingly complicit with government profiling of citizens. If that is the case, it would certainly explain the personality profiling questions that companies claim are meant to help users meet just the right (fake) love interests.

Argument 5

Because grassroots-commerce like Craigslist and freelancer websites like Elance are sometimes used by scammers to induce people into sending money abroad and performing free labor, respectively, it's reasonable to block TOR users.

However, Craigslist does not successfully block foreigner scammers. They just block TOR.

The commonest housing scam is perhaps one that fools Craigslist users into sending money to a landlord who has recently moved overseas. In reality, the scammer is not a landlord and has nothing to do with the property in question.

One example of a free-labor labor scam involves translation companies that request prospective translators to prove that they are skilled at translating by doing a translation of just one or two paragraphs of sample text. In reality the scammer took a document, broke it into several pieces and sent each one to a wannabe translator, none of whom will ever be paid.

Craigslist prevents viewing ads
TaskRabbit cannot sign up
Elance perhaps to block scammers looking for free labor from desperate people

Argument 6

Because website scrapers are using retail websites to obtain pricing data that consumers could use to compare prices at different retailers to find the best deals e.g. using apps that scan barcodes, retailers are inclined to block TOR users lest it be used by scrapers. This is bad for consumers and good for retailers.

Sears.com perhaps to prevent scraping via TOR
Frys.com perhaps to prevent scraping via TOR
Walmart.com complete blockage perhaps to prevent scraping via TOR
Bestbuy.com presumably due to online reviews or to prevent scraping

Argument 7

Because a website is providing paid-for data that competitors would like to scrape and thereby use without paying for it, websites will be inclined on principle to block TOR users. Real estate data is the prime example.

Or perhaps the company that provided the data is requiring that TOR users be blocked.

This justification for blocking TOR users would not prevent people from scraping at an Internet café, or via a borrowed Wifi connection, or at a university, or from overseas. Therefore blocking TOR users is somewhat futile.

Trulia.com complete blockage
Redfin.com complete blockage
Realtor.com i.e. Move complete blockage

Argument 8

Because governments want to know which citizens are concerned about corrupt politics and government wrongdoing, they want to block or undermine TOR users, who unlike non-TOR users can't be identified.

Known to be blocking:

Senate.gov says Access Denied to http:serve-403-www.senate.gov/.

Argument 9

Because some people might try to attempt attacks such as SQL injection via TOR, and website owners are much too lazy or ignorant to secure our systems, or we are newbies. Therefore let us simply block TOR, and force all such attacks to be done without TOR.

Unrelated: IBM's Role in the Holocaust -- What the New Documents Reveal

Argument 10

Given that package shipment information can in theory be intercepted which can then be used to track and steal delivered packages, it may be reasonable to block TOR users from obtaining package delivery status, so that information about thieves accessing delivery info can be recorded.

Package tracking information could also be used by spooks to seize electronics and implant spying technology.

How do they get access to delivery info?

  • Reading unencrypted mail traffic on public Wifi.
  • Or by hacking into mail servers to read emails.
  • Or providing bogus Wifi hotspots that decrypt traffic (Man in the Middle attack) e.g. mail or Fedex/UPS/DHL site visits.

USPS.com intermittent blocking

Somewhat murkier, rather suspicious

Some websites have instituted blockage of TOR users for less clear reasons.

Hacker News (Y Combinator) Perhaps symbolic to show Silicon Valley leaders are globalists, not libertarians
Wikimedia downloads page Why not if TOR users are smart enough see through Wikipedia fake news?
Gutenberg.org This could mean they wish to help spooks track what you read.
Webchat.Twit.tv They dislike or do not want anonymous commenters in their chat for some reason.
Sitecheck.Sucuri.net This could mean they wish to help spooks track what you scan.
Coffee houses e.g. Coffee and Tea Leaf security theater
Restaurants e.g. Panera Bread security theater

Useful TOR-friendly services

Links