cross-posted from: https://links.hackliberty.org/post/285435
When a private sector company blocks Tor, I simply boycott. No private entity is so important that I cannot live well enough without them. But when a public service blocks Tor, that’s a problem because we are increasingly forced to use the online services of the public sector who have gone down the path of assuming offline people do not exist.
They simply block Tor without discussion. It’s not even clear who at what level makes these decisions… could even be an IT admin at the bottom of the org chart. They don’t even say they’re blocking Tor. They don’t even give Tor users a block message that admits that they block Tor. They don’t disclose in their privacy policies that they exclude Tor.
Just a 403 error. That’s all we get. As if it needs no justification. Why is the Tor community so readily willing to play the pushover? Even the Tor project itself will not stand up for their own supporters.
The lack of justification is damaging because it essentially sends the message: “you Tor-using privacy seekers are such scum we don’t even have to explain why you are outcast. We don’t even have to ask permission to exclude you from participating in society” This reinforces the myth that Tor users are criminals and encourages non-criminal Tor users to abandon Tor, thus shrinking the Tor userbase. The civilized world has evolved to a point of realizing the injustice of #collectivePunishment. At best this is a case of punishing many because of a few. I say “at best” because I’m skeptical that a bad actor provokes the arbitrary denial of service.
When the question is publicly asked “why did service X start blocking Tor” answers always come as speculation from people who don’t really know, who say they were probably attacked.
In this example, it’d be cars without license plates, which is what we do
Making license plates optional would not lead to most people doing drive-by shootings. Anonymity does not make you criminal. Most people would not bother with a license plate if it were optional. And a vast majority of those anonymous drivers would not be committing drive-by shootings. Note as well that cyclists (who have no registration in most of the world) are not doing drive-by shootings despite their anonymity.
You’re speaking to the choir here, I even donate to the Tor project and think it’s an essential human right. I’m just offering a sys admin perspective. For them, it’s an easy one click option to block a lot of malicious connections. If their job is to protect a network, it makes sense.
The problem with their job is not being defined as protecting the network while at the same time ensuring availability to legit users. When the naïve sys admin excludes legit users, there’s no push back. No one protesting. Most people are incompetent and it’s normal for sys admins to be reckless in their blocking. The problem lack of counter actions. EFF’s silence & inaction is deafening. EFF & Tor Project are extremely close, yet EFF makes no mention of Cloudflare when CF should be at the center of EFF’s criticism. Tor Project pulled back on Cloudflare criticism after Jacob Appelbaum left. TP has deleted many of their anti-cloudflare essays & resources. CF is the most absolute nemesis to TP yet TP has neutered themselves.