Besides being a major annoyance, Cloudflare is increasingly becoming a security risk.
Tor Project maintainers are also accusing CloudFlare of adding cookies to Tor traffic sessions so they could track users.
How much anonymity should I be willing to compromise to avoid Cloudflare? In other words, should I use a proxy after my Tor exit node? Really difficult issue… Starting point: Connecting_to_Tor_before_a_tunnel-link
Popular VPN IP’s are blacklisted similarly to Tor exit nodes so no help there.
Private VPN / VPS might have clean IPs but would make you pseudonymous.
http / socks proxies are more vulnerable to mitm and snooping attacks.
Ideal solution would be an encrypted http/socks interface. Preferably one with dynamically assigned, shared nodes / IPs. Free. Running open-source software.
At @2xiangzi’s suggestion, I tried tunneling Lantern p2p proxy network through Tor. It seems the project has taken some steps back. Very possible I screwed up but what I experienced was more akin to an alpha than a beta product. Outdated, incomplete docs. Major design changes (like eliminating “friends”) without any accompanying explanations… Lack of diagnostics / monitoring / status. Won’t revisit for 6 months at least. Please correct me if I’m wrong.
(Rant: I have to mention the appalling lack of emphasis on proper precautions. Their warnings focus on protecting client privacy not on end-user servers providing proxies. Tor exit nodes are often hosted by institutions or power users on cloud servers. And they are listed in a public database. On the other hand, Lantern users seem more accustomed to sharing music albums than proxies. Why would the DEA doubt that Mary-Jane Jones has 500 lbs of cocaine in her garage when it gets traced to her IP? On the user forum, well-meaning end-users offer themselves as proxies to anonymous “Chinese/Iranian dissidents”. They seem to largely be torrenters who think in terms of RIAA penalties and not realize that SWAT could remove a wall after a bomb threat. Perhaps, this is why there is no “friends” option at the moment. The problem still exists - guess it just happens randomly now.)
As time permits, I will try to test some of the other suggestions on the list as well as some of the censorship circumvention ideas here:
PluggableTransports · Wiki · Legacy / Trac · GitLab Would like to hear your experiences.
It’s not just Cloudflare - the trend is worsening for Tor acceptance: