Webmasters: Please, Don't Block Tor

[Tor][] is a privacy and anonymity tool that [helps users to defend
  themselves][tor-about] against traffic analysis online.
Some people, like me, use it as an important tool to help defend against
  [various online threats to privacy][sapsf].
[Others use it][tor-users] to avoid censorship,
  perhaps by the country in which they live.
Others use it because their lives depend on it---they
  may live under an oppressive regime that forbids access to certain
  information or means of communication.

Unfortunately, some people also hide behind Tor to do bad things,
  like attack websites or commit fraud.
Because of this,
  many website owners and network administrators see Tor as a security threat,
    and choose to block Tor users from accessing their website.

But in doing so,
  you aren't just keeping out some of the malicious users:
    you're also keeping out those who [use Tor for important, legitimate
Malicious users have other means to achieve anonymity and often have the
  skill and understanding to do so.
But average Tor users aren't necessarily technology experts,
  and certainly don't have the extra (often maliciously-acquired) resources
  that bad actors do,
    so they are disprortionally affected by blocks.

A particularly unsettling problem I often encounter is that a website will
  outright prohibit access by Tor users _even on read-only resources like
  articles or information_.
I've even seen this on informational resources on United States Government
Blocking access to interactive website features---like
  posting comments or making purchases---can
  be understandable,
    or maybe even necessary sometimes.
For example,
  Wikipedia prohibits page edits over Tor.
But Wikipedia _does not block reading_ over Tor.

If you are considering threats that may mask themselves behind Tor and you
  are running a blog, news site, or other informational resource,
    please, consider how your actions [may affect innocent
Allow users to read over Tor,
  even if you decide to prohibit them from interacting.

For users of Tor who do find themselves stuck from time to time:
  I will often prepend `https://web.achive.org/` to the URL of a page that
  is blocked,
    which allows me to view the page in the Internet Archive's [Wayback
For example,
  to view my website in the Wayback Machine,
    you'd visit `https://web.archive.org/https://mikegerwitz.com/`.

[Tor]: https://www.torproject.org/
[tor-about]: https://www.torproject.org/about/overview.html.en#whyweneedtor
[tor-users]: https://www.torproject.org/about/torusers.html.en
[sapsf]: /talks/sapsf
[Wayback Machine]: https://web.archive.org/
Mike Gerwitz 2018-10-05 23:26:00 -04:00
parent 5a62a98a78
commit 8dbde47b65
Signed by: mikegerwitz
GPG Key ID: 8C917B7F5DC51BA2

Diff Content Not Available