That's why I putted mutiple quotes, was an attempt to be ironic, because the guy was asking for shit question findable on the tor wiki.
The Tor Illusion
Jeremiah Hall
Andrew Davis
That happened to me once, but then I wrote a filthy language complaint about it and they un-flagged me.
Elijah Cook
I could understand them locking it for security reasons, but flagging it? What are they doing? Just another reason never to use github again.
Kayden Bell
There needs to be a movement towards Freenet.
Austin Howard
sage and ignore
Anthony Harris
I think cloudflare is not scared of human Tor users, but automatic bots, those usually execute only basic http functions and have a "lulsorandum" user agent, which also proves why all textbrowser larpers in this thread get btfo'd by cloudflare, they simply appear to be bots and stick like a sore thumb in swarm of regular tor browsers.
Juan Murphy
It would be hard for ISP to scan the bridges, and a bit easier for government-backed entity since bridges are given up from Tor project's website after entering captcha or sending email, that's a lot of pajeet-hors to bruteforce. Private obfuscated bridges are not listed elsewhere and are virtually impossible to find unless a DPI is trained to find them, and those usually become known to wide public pretty soon. If you run a bridge with different algorithm like shadowsocks, govpn, stunnel instead of default Tor obfuscators, it'd be even harder to discern what traffic you're sending over the network.
Charles Campbell
You realize the solution to all of that is just kill all unauthorized protocols. Things like HTTP(s) and email will be about it.
Grayson Wood
All you have to do is make the headers look like Tor Browser. I captured this from Tor Browser:GET / HTTP/1.1Host: 192.168.2.2:1234User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Some Cuckflare sites still wont let you on (because "high security" mode or some bullshit), but I'm pretty sure like 99.999% will let you pass once you look like Tor Browser. Also Links bypasses Cuckflare too last time I checked.
Cuckflare is a WAF. Do you guys still not know what a WAF is 20 years after the year 2000 when they were popular? A Web Application Firewall is a piece of shit that sits around going through each request and deciding whether to approve them. This placebo technology is supposed to provide some form of "security" to site admins who are to retarded and lazy to figure out how the word "security" even pertains to the internet. Like all WAFs, it will block whatever the fuck their retarded end up blocking. This is typically all of Tor, all VPNs, most open proxies, some public places such as schools and cafes, etc. The way your IP even gets into the blocklist in the first place is either by manually adding ranges (such as Tor), or by you sending some traffic that looks like hax (such as having a quote in the URL). Even if you aren't trying to hack the page, you will inevitably trigger the WAF at some point, resulting in a single block, temporary ban, or permanent ban. It's also of course possible that Cuckflare is blocking Tor deliberately, but it doesn't really matter. At the end of the day they should be ousted as retards for selling and spreading this garbage technology all over the web.
You couldn't be more wrong. As I said, Links bypasses Cuckflare. Tor Browser was blocked from Cuckflare for its entire existence up to a year ago (that's at least 5 years). Also refer to my previous paragraph.
Also refer to the rest of this thread. For example uses Links without Tor and was blocked from archive.is.
No, that solves nothing. It's not possible to determine whether encrypted traffic is flowing over a pipe, even if the data is "plain text" (for example only alphanumeric characters or words of the dictionary). Of course some government niggers would love to implement such a retarded non solution as long as they are paid in votes.
Gabriel Barnes
Everything is possible, but it's a never ending arms race between DPI methods and obfuscation methods.
You can tunnel all your shit through legit-looking https with third-party CA and a legit looking website as a face for your tunnel server.