Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Dear [PARTY WHO BLOCKS ACCESS VIA TOR],
My name is [FIRST NAME, LAST NAME], I am your [CUSTOMER / USER / PROVIDE SOME USERNAME, ACCOUNT INFO OR OTHER WAY TO BE IDENTIFIED IN THEIR SYSTEM *IF APPLICABLE*]. I have troubles in accessing your service from my IP address. I believe this is a result of my IP address being listed as a Tor exit router.
Please take little of your time and read some facts about Tor:
- The Tor Project is a US 501(c)(3) non-profit dedicated to the research, development, and education of online anonymity and privacy. Project's homepage is https://www.torproject.org/. Tor is a research project, funded by the National Science Foundation and previously DARPA (among others). Its primary goal is to provide people from hostile environments with encrypted and uncensored access to the Internet. For more than a third of the worlds population, the Internet is being either filtered or monitored. Every day, activists and bloggers are imprisoned or threatened for what we in the western countries see as a Human Right.
- Tor sees use by many important segments of the population, including whistle blowers, journalists, Chinese dissidents skirting the Great Firewall and oppressive censorship, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. While Tor is not designed for malicious computer users, it is true that they can use the network for malicious ends. In reality however, the actual amount of abuse is quite low. This is largely because criminals and hackers have significantly better access to privacy and anonymity than do the regular users whom they prey upon. Criminals can and do build, sell, and trade far larger and more powerful networks than Tor on a daily basis.
- Tor is a non-profit organization comprised of many volunteers (over 6000) who are willing to run Tor relays for the benefit of everyone. Tor is also endorsed by many organizations around the world, such as, just to name a few, Electronic Frontier Foundation (https://www.eff.org/) and Reporters Without Borders (https://www.rsf.org/).
Find out more here:
https://www.torproject.org/about/torusers
https://www.torproject.org/about/overview
https://www.torproject.org/docs/faq-abuse
Blacklisting IP addresses is old-fashion and provides a false sense of security. It has been demonstrated that "blacklisting" means one more problem, not one solved problem. The technique doesn't offer any benefits regarding security and just prevents honest, privacy-concerned users to access your services. An "attacker" can use compromised computers (regular user computers which are not listed in any database / blacklist) as proxies, over Tor, and still access your services. An IP address doesn't automatically identify suspect. It's just a unique address for a device connected to the Internet, much like a street address identifies a building. In most cases, an IP address will identify a router that one or more computers use to connect to the Internet. An IP address isn't personally identifying at all. When it traces back to a router that connects to many computers at a library, cafe, university, or to an open wireless network, VPN or Tor exit relay used by any number of people, an IP address alone doesn't identify the sender of a specific message. And because of pervasive problems like botnets and malware, suspect IP addresses increasingly turn out to be mere stepping stones for the person actually "using" the computer—a person who is nowhere nearby.
A correct way to address the security issues is to implement filters and protections and upper layers, not IP address layer. This way they will be functional (IP blocking does not help you at all, there hundreds of thousands of computers which can act as proxies and are not listed anywhere) and also more comfortable to your users. These are proven facts taken from top organizations on the internet who take digital security very seriously.
It is important to mention that the IP address which you have blocked is the only one I have, and I am forced to make a choice: quit the Tor network in order to use your services or support Tor and stop using your services. This way, you are indirectly forbidding me to support and be part of an organization devoted to free speech and freedom of information. I highly doubt this is your goal. Last but not least, Tor is more than something used for obfuscation. It also helps me protect against illegal interceptions (man in the middle attacks which are common on the internet), commercial espionage and the targeted-ads corporations, which invade my privacy by abusively recording all my browsing habits and my entire online activity. Do not indirectly deny me these rights.
Please, in the name of all users, take a different look and review your Tor policy. It's time to throw away old-fashion techniques which provide a false sense of security and start supporting innovation. Looking forward to receive your feedback regarding this as soon as possible.
Kind Regards,
[FIRST NAME, LAST NAME]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.