Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If they are blocking those addresses, what makes you think they aren't blocking tor?


This is trivial to verify. I’ll save you two minutes and say that yes indeed it’s accessible through Tor. Tor doesn’t have a static number of exit nodes and due to the variable nature of the network it’s difficult to block.


> due to the variable nature of the network it’s difficult to block.

Due to the fact that the Tor project provides a variety of lookup tools to determine whether an IP is an exit node -- including a DNS-based lookup -- it's trivial to block Tor users.

https://www.torproject.org/projects/tordnsel.html.en


Yet it isn’t blocked while this VPN is.


But your reasoning is incorrect - in fact, site owners can block Tor in Cloudflare with a single, easy to configure firewall rule.

> Tor doesn’t have a static number of exit nodes and due to the variable nature of the network it’s difficult to block.


Really? I don't think I've seen that before. Where is that?


It's treated like a country, with country code "T1". Site operators can create rules which apply special handling to visitors from the exotic country of Torlandia. ;)

https://support.cloudflare.com/hc/en-us/articles/203306930-U...


making tor exits unblockable is the opposite of how the tor project operates.


Actually, there is a proposal for Tor exits to use a different IPv6 address for each circuit. See https://trac.torproject.org/projects/tor/ticket/26646


They still would be listed though? And people blocking tor ipv6 would of course block ranges rather than individual IPs.


I presume that they'd never get reused.

And yes, there could be blocking by ranges.

And while I doubt that Tor would ever do it, one could use residential IPs via "free" smartphone apps. Some VPN services may be doing that.


They are all listed... https://blog.torproject.org/changes-tor-exit-list-service

No one could not use residential IPs that way.


Yes, they're all listed now.

But I don't see anything in https://trac.torproject.org/projects/tor/ticket/26646 about listing the IPv6 addresses. And using random addresses from multiple /48, that'd be an extremely long list.

I was wrong about not reusing IPv6. But even so, using the same IPv6 would be very rare, given the number available.

You say that no one could use residential IPs that way. But I know for a fact that it's already being done. For example, see https://luminati.io/proxy-networks/residential-ips.


Why wouldn't they?

Handful of blocked ranges yes...

It's obvious that this isn't a goal of Tor.


I'd say that it hasn't been Tor's goal.

But blocking has become so common that user pressure to prevent it can no longer be ignored. If they don't act, they risk being replaced.

I typically get around it by routing a VPN service, or a private VPN, through Tor. That also enables apps that require UDP. There is the risk of deanonymization, if VPN connections last too long and pin Tor circuits. Or if users don't adequately anonymize payment for VPN services or VPS used for private VPNs.

I started playing with a set of bash scripts that creates multiple VPN connections, with each using a different Tor circuit, and tests them. It periodically switches from one to another, and kills the old one. So both Tor circuit and VPN exit IPv4 change periodically. A script ongoingly starts and tests new VPN connections, to maintain availability. It's basically a crude hack of Tor's approach to circuit management.


tor does not use ipv6 currently.


Huh?

https://metrics.torproject.org/rs.html#search/2001:

I see 377 starting with 2001:.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: