cross-posted from: https://links.hackliberty.org/post/285435
When a private sector company blocks Tor, I simply boycott. No private entity is so important that I cannot live well enough without them. But when a public service blocks Tor, that’s a problem because we are increasingly forced to use the online services of the public sector who have gone down the path of assuming offline people do not exist.
They simply block Tor without discussion. It’s not even clear who at what level makes these decisions… could even be an IT admin at the bottom of the org chart. They don’t even say they’re blocking Tor. They don’t even give Tor users a block message that admits that they block Tor. They don’t disclose in their privacy policies that they exclude Tor.
Just a 403 error. That’s all we get. As if it needs no justification. Why is the Tor community so readily willing to play the pushover? Even the Tor project itself will not stand up for their own supporters.
The lack of justification is damaging because it essentially sends the message: “you Tor-using privacy seekers are such scum we don’t even have to explain why you are outcast. We don’t even have to ask permission to exclude you from participating in society” This reinforces the myth that Tor users are criminals and encourages non-criminal Tor users to abandon Tor, thus shrinking the Tor userbase. The civilized world has evolved to a point of realizing the injustice of #collectivePunishment. At best this is a case of punishing many because of a few. I say “at best” because I’m skeptical that a bad actor provokes the arbitrary denial of service.
When the question is publicly asked “why did service X start blocking Tor” answers always come as speculation from people who don’t really know, who say they were probably attacked.
If its a public service, why dont you ask your local representative why its blocked? Harass them to give the answer, its their job to represent you.
“I’m skeptical that a bad actor provokea the arbitrary denial of service” - Single data point here, but i had a single failed login to my personal site from the US, and now I am looking to geoblock the entire US. Dealing with intrusions and attempted intrusions is expensive and time consuming, I dont doubt that even a single attack originating from Tor could make a security team choose to simply block the IPs and move on. Especially if the IP range isn’t within their countries set of IPs.
I wasn’t speaking about a single public service in particular, but generally. It’s a regular widespread problem.
I do not believe this can be solved by an individual. It requires a collective action of many and it needs to be spearheaded by a recognized org like ACLU or EFF. The #EFF is quite close to the Tor Project and in principle this problem would be in the EFF’s scope. But the EFF is only goes as far as suggesting that people use Tor – as they turn a blind eye to global DoS against Tor. I don’t see a single privacy advocacy/lobbyist org who is working this problem and worthy of donations.