Cloudflair is making it extra difficult to login, stay logged in, and sumbit to Saidit today

submitted by SoCo from self.censorship

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]LarrySwinger2 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Actually, I retried the above method and discovered that it doesn't work these days. They're throttling pretty heavily and I don't think there's much we can do except wait. (It's only by chance I managed to log in in this instance.) An alternative is to use a VPN and log in with a different browser, I recommend Librewolf. You can use an in-browser VPN as well, just go to https://addons.mozilla.org and search for VPN (it should be noted that these are often simply proxies and don't encrypt the connection, and you should double-check that DNS lookups aren't leaking your IP address).

If you insist on using Tor, here's something you could try, although I'm not sure if it works. Go to Tor Browser settings, Privacy & security, scroll down and uncheck "Query OCSP responder servers...", then install an in-browser VPN inside that browser. I believe this will establish an ISP -> Tor -> VPN connection. This is less secure than simply using Tor and the Tor project advices against it, but it's a way to bypass Cloudflare. Do let me know if it works in case you try it.

[–]SoCo[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

I couldn't get it to work either.

I've narrowed it down to Cloud Flair not working, when I have extract canvas information enabled, presumably because the specific canvas actions are being blocked. When I completely disable canvas snooping, Cloud Flair throws its hands up and opens the spy-button, which is an iframe that says "verify I am human" or something.

No entrance allowed unless you are de-anonymized...

I can't think of specific technical reasons, but I would suggest that using a VPN with Tor in that way. I'm pretty sure it would make you a ton less secure and doing so with OCSP disable, would open you to man in the middle attacks by both the VPN and the Tor exit node. It really is a really bad privacy and security mess to go that approach.

Yet, you fix hides your Tor exit node from Cloudflare, which is likely getting a super bad trust score from Cloudflare for being Tor.

You cannot bypass Clouflare, ever, they are the DNS provider. Your approach simply makes your IP look a little less risky and Cloudflare doesn't so loudly shake you down.

[–]LarrySwinger2 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Yet, you fix hides your Tor exit node from Cloudflare, which is likely getting a super bad trust score from Cloudflare for being Tor.

You cannot bypass Clouflare, ever, they are the DNS provider. Your approach simply makes your IP look a little less risky and Cloudflare doesn't so loudly shake you down.

Cloudflare doesn't intentionally block Tor nodes, that's just a consequence of their throttling. They've been making the web more accessible for Tor users for years, and although we aren't there yet (Privacy Pass still doesn't seem to function), the web is more much usable than it was 5 years ago.

Anyway, it's very rare that I have trouble accessing websites via a simple browser VPN.

Thanks for emphasizing the risk of disabling validity checks. I knew it was a risk, but needed a workaround. Perhaps FoxyProxy is better for this but I don't know if it will work in Tor Browser.