CloudFlare has claimed that about 94% of the requests it gets from users through the Tor network are malicious. CloudFlare, based on data across its network, said that the requests are aimed at causing harm to its customers. These include comment spam, vulnerability scanning, ad click fraud, content scrapping and login scanning. It further claims that about 18% of spam, which accounts for approximately to 6.5 trillion unwanted messages per year comes from the Tor network.
Tor – the onion router that allows users to surf the internet anonymously – in its response said, "We find that unlikely. We suspect this figure is based on a flawed methodology by which CloudFlare labels all traffic from an IP address that has ever sent spam as 'malicious'. Tor IP addresses are conduits for millions of people who are then blocked from reaching websites under CloudFlare's system."
Tor also claimed that its users are either blocked with Captcha server failure messages or are being prevented from reaching websites followed by a long loop of Captchas, which usually loads up very slowly and users sometime end up solving as many as a dozen of them. "Rather than waste their limited Internet time, such users will either navigate away, or choose not to use Tor and put themselves at risk," reads a release note on the Tor site.
CloudFlare, which is a CDN, DNS, DDoS protection and web security provider, uses Completely Automated Public Turing tests to tell Computers and Human Apart (Captcha) to block a user coming through Tor network with vulnerability. It is currently using Google's reCAPTCH, which it claims to make easier for users. Google, on the other hand, is also seeing significant malicious traffic from Tor, therefore the reCAPTCHA from Google is considered to be the toughest.
So how does CloudFlare treat these requests? The company claims to be treating malicious requests differently than those with less risk. At the same time it enables the users to whitelist Tor exit nodes that contains malicious requests.
As part of a long-term solution, CloudFlare wants to create an onion version of their sites, which are only accessible through Tor network with less risk of getting targeted by malicious attacks. CloudFlare has also asked Tor projects to distinguish between automated and human traffic to the Tor browser that could allow users to do some proof-of-work problem and then send a secure token to verify the requests. CloudFlare is also working to reduce Captchas for Tor users, while without compromising their anonymity. It promises to rollout a new design to make it easier for the Tor browser user.