Cloudflare blocking Tor Browser non-JavaScript users!

More and more often I’m seeing the following on a website:

"(website name here)
Checking if the site connection is secure
(!) Enable JavaScript and cookies to continue

(site name) needs to review the security of your connection before proceeding."

And at the bottom of the page:

“Ray ID: (omitted)
Performance & security by Cloudflare”

I call bullshit. They want me to enable fingerprinting of my browser and tracking with cookies for their security? Well fuck them.

Anyone else seeing this? Or do most people surf with JS enabled?

1 Like

I see this often too, they probably justify it by saying its to prevent abuse and misuse, meaning every single person who touches any page hosted or protected by Cloudflare must be treated as a potential threat and marked, just in case they happen to do anything wrong.

Arrest everybody so we definitely get the criminals… and everyone else

I don’t stand against the decision they made but the way Cloudflare responded to recent DDoS protection and hosting of a forum goes to show that they can act over abruptly and with evidence based off real life happening rather than a websites content or users. Having digital fingerprints for protective use is pretty pointless when the events enter a point beyond digital control. The best option would be a premium anonymous VPN and Tor in standard mode, they will get info but it will be spoofed and unrelated to your connecting IP.

I have been seeing the same thing. But, if we are all running the same Tor browser the fingerprinting they do shouldn’t matter. They will get the exact same fingerprint per Tor browser user.

However, I agree with you that I would prefer to run with JavaScript turned off many times.

I really wish Tor Browser would update to a version of Firefox that supports total cookie protection. I did some experimenting with this and it turns out it works really nicely. I mean, I don’t know if it has any security holes. But, basically, in a nutshell, it works just like you disabled third-party cookies except it makes the site your using continue to function as if they are enabled. The third-party cookies still work they just get confined to the site.

Anyway, really nice feature. I’m just really wishing it would come to the Tor browser. You know I am kind of wondering if the total cookie protection would work against Cloudflare? Hmm… I might have to investigate that!