Webmasters: Please, Don't Block Tor

Browse Source

[Tor][] is a privacy and anonymity tool that [helps users to defend
  themselves][tor-about] against traffic analysis online.
Some people, like me, use it as an important tool to help defend against
  [various online threats to privacy][sapsf].
[Others use it][tor-users] to avoid censorship,
  perhaps by the country in which they live.
Others use it because their lives depend on it---they
  may live under an oppressive regime that forbids access to certain
  information or means of communication.

Unfortunately, some people also hide behind Tor to do bad things,
  like attack websites or commit fraud.
Because of this,
  many website owners and network administrators see Tor as a security threat,
    and choose to block Tor users from accessing their website.

But in doing so,
  you aren't just keeping out some of the malicious users:
    you're also keeping out those who [use Tor for important, legitimate
    reasons][tor-users].
Malicious users have other means to achieve anonymity and often have the
  skill and understanding to do so.
But average Tor users aren't necessarily technology experts,
  and certainly don't have the extra (often maliciously-acquired) resources
  that bad actors do,
    so they are disprortionally affected by blocks.

A particularly unsettling problem I often encounter is that a website will
  outright prohibit access by Tor users _even on read-only resources like
  articles or information_.
I've even seen this on informational resources on United States Government
  domains!
Blocking access to interactive website features---like
  posting comments or making purchases---can
  be understandable,
    or maybe even necessary sometimes.
For example,
  Wikipedia prohibits page edits over Tor.
But Wikipedia _does not block reading_ over Tor.

If you are considering threats that may mask themselves behind Tor and you
  are running a blog, news site, or other informational resource,
    please, consider how your actions [may affect innocent
    users][tor-users].
Allow users to read over Tor,
  even if you decide to prohibit them from interacting.

For users of Tor who do find themselves stuck from time to time:
  I will often prepend `https://web.achive.org/` to the URL of a page that
  is blocked,
    which allows me to view the page in the Internet Archive's [Wayback
    Machine][].
For example,
  to view my website in the Wayback Machine,
    you'd visit `https://web.archive.org/https://mikegerwitz.com/`.

[Tor]: https://www.torproject.org/
[tor-about]: https://www.torproject.org/about/overview.html.en#whyweneedtor
[tor-users]: https://www.torproject.org/about/torusers.html.en
[sapsf]: /talks/sapsf
[Wayback Machine]: https://web.archive.org/

master

Mike Gerwitz 2018-10-05 23:26:00 -04:00

parent 5a62a98a78

commit 8dbde47b65

Signed by: mikegerwitz

GPG Key ID: 8C917B7F5DC51BA2

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

Diff Content Not Available