Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
reisse 9 days ago

I also want to add here because a lot of people either mention Tor as a succesful solution, or mention why Tor is not a solution but state completely wrong reasons. And I have a good soapbox to stand once in a while.

Number one reason why Tor is dead is Cloudflare.

Let me digress here. In my opinion, Cloudflare does a lot more censoring than all state actors combined, because they singlehandedly decide if the IP you use is "trustworthy" or "not", and if they decided it is not, you're cut off from like half of the Internet, and the only thing you can do is to look for another one. I'd really like if their engineers understood what Orwellian mammoth have they created and resign, but for now they're only bragging without the realization. Or at least if any sane antitrust or comms agency shred their business in pieces.

And Cloudflare by default makes browsing with Tor unusable. Either you're stuck with endless captchas, or you're banned outright.

Number two reason why Tor is dead is all other antifraud protections combined. Try paying with Stripe through Tor. There is quite a big chance you'll get an "unknown error" of sorts on Stripe side. Try to watch Netflix in Tor - exit nodes are banned.

Everyone kept shouting "Tor bad, Tor for criminals", and it became a self-fulfilling prophecy. It's really hard to do just browse web normally in Tor, because all "normal" sites consider it bad. The "wrong" sites, however, who expect Tor visitors...

poisonborz 8 days ago | parent | next [-]

The point of Tor was never to access classic internet, they actively discourage it. Exit nodes are a convenience feature. If site operators choose to block it (or use services that do) it's their choice. Services should expose onion interfaces - for example, Facebook does.

brightball 9 days ago | parent | prev | next [-]

I understand where you are coming from but there’s a flip side to this.

Cloudflare obfuscating such a huge segment of origin servers gives a privacy advantage to anyone using a private DNS, since most of the IPs you can be seen connecting to are just…Cloudflare.

jjcob 8 days ago | parent | next [-]

It's funny that the original idea for HTTPS was that there should be private communication between clients and service providers, and it somehow got turned on its head and now its just private communication between you and Cloudflare, and they can see all the traffic.

We talk about end to end encryption all the time, but half the web is hosted by a single company with questionable ethics and everyone is like, we trust them! They write technical blog posts!

Even Signal is hosted on Cloudflare...

rsync 9 days ago | parent | prev | next [-]

Or, at least, that’s how it would work if it wasn’t for SNI…

allset_ 9 days ago | parent [-]

Cloud Flare supports ECH. https://developers.cloudflare.com/ssl/edge-certificates/ech/

1vuio0pswjnm7 8 days ago | parent | next [-]

Any examples of Cloudflare client websites that have enabled ECH

immibis 8 days ago | parent | prev [-]

China blocks ECH.

majorchord 8 days ago | parent [-]

do you have a reliable source for this claim?

1vuio0pswjnm7 8 days ago | parent [-]

China's use of SNI-based censorship is well-documented

For example, see

https://censorbib.nymity.ch/pdf/Niere2025a.pdf

1vuio0pswjnm7 7 days ago | parent | next [-]

China has blocked ESNI

https://gfw.report/blog/gfw_esni_blocking/en/

But SNI is not CH and ESNI is not ECH

Will China block ECH

ECH blocking has been detected in Russia

https://github.com/net4people/bbs/issues/417

According to Niere et al. (2025)

"Additionally, with the ECH extension not yet being widely used [17], [71] and focusing on privacy protection rather than censorship circumvention [60], it can be censored easily by blocking it entirely [14], [76]."

The paper describes various GFW bypass methods that currently work, including removing the SNI extension entirely

It does not mention anyone using ECH to bypass GFW

Perhaps it is too early to conclude "China blocks ECH" because ECH is not in widespread use

ranger_danger 7 days ago | parent | prev [-]

Yes, but SNI is not ECH.

lyu07282 8 days ago | parent | prev [-]

Great gaslighting I must admit, terminating SSL of half the internet.. that centralization is actually enhancing privacy... There is a very high probability Cloudflare is a literal NSA front.

brightball 5 days ago | parent [-]

I don't see how that's gas lighting?

I'm just suggesting that there are trade-offs involved and value gained by making private origin servers common.

fedeb95 8 days ago | parent | prev [-]

it depends. I myself have some combination of browser extensions which make me a bad guy in Cloudflare opinion. I don't know exactly which one is the culprit because I added a lot of stuff over the years, but I really don't care: if Cloudflare blocks a website, I simply use another one. The good half of the internet will get my traffic.

zelphirkalt 8 days ago | parent [-]

That's all great and lauded be you for being principled, but this only helps until you need to use the website of a public institution, which decided to put fate of the citizens into the hands of a privately owned company, or some website that has a unique value, but is behind cloudflare. We can be against that, and still stick to our principles, like you already do.

fedeb95 8 days ago | parent [-]

that's a good point and indeed a problem in the original post context. I am of course talking from my privileged perspective where my country doesn't do that so I don't have that problem.