Does Cloudflare operate Tor relays?
I came across a blog post asserting that Cloudflare operates Tor exit relays to deanonymize traffic and his proof is that when he's using Tor Browser and goes to speedtest.net it shows Cloudflare as his host? Is there any truth to this whatsoever? https://simplifiedprivacy.com/torlies/
19 Replies
I’m suspicious about that article, he says it’s only 2 nodes but his flow shows 3 nodes. Entrance, relay and exit
"Cloudflare literally runs many of the Tor nodes"
That's really easy to disprove, all that info is public: https://metrics.torproject.org/bubbles.html#as
Cloudflare also doesn’t oppress users by having captchas. They offer sites the ability to block or challenge Tor. Site owners have the option to not use them. And I’d be surprised if Cloudflare was able to deanonymize Tor traffic given the amount of work it would take to do that, you’d have to be the Tor protocol
What is the rational explanation for Cloudflare coming up in Tor Browser though? I just replicated it multiple times.
Cloudflare has a service for websites using Cloudflare (like speedtest.net) where they support onion routing via the alt-svc header: https://developers.cloudflare.com/network/onion-routing/
Onion Routing and Tor support · Cloudflare Network settings docs
Improve the Tor user experience by enabling Onion Routing, which enables Cloudflare to serve your website’s content directly through the Tor network …
Could be that? I'm no expert on TOR though lol
Does Tor Browser allow you to check your circuit? Can see the nodes you are using
yes
1 sec
They do mention:
"Tor users no longer access your site via exit nodes, which can sometimes be compromised, and may snoop on user traffic. Human Tor users and bots can be distinguished by our Onion services, such that interactive challenges are only served to malicious bot traffic."
So in that circuit this is my actual exit relay
https://metrics.torproject.org/rs.html#details/B9B267EF3716498DACF5D79CEDD7D025876398A1
I see this as your exit https://metrics.torproject.org/rs.html#details/C28363EA6BA475D5E0A5EFB35BA8CA2A38A9ECE4
Why it’s showing as Cloudflare I don’t know but you aren’t using Cloudflare as an exit
lol
I'm pretty sure it's just the onion routing stuff for CF sites, someone mentioned getting an IP from that same range on Maxmind which also uses CF
I thought I was paranoid but jeez that blog post made me feel a little better about myself
You can see pretty easily CF has zero exits or relays on their ASN https://metrics.torproject.org/rs.html#search/as:13335%20
yeah that was the first thing I did haha
What do you see if you go here? https://www.speedtest.net/cdn-cgi/trace
2405:8100:8000:5ca1::33:11df
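
The check this thread converges on, as an added example that is not part of the original posts: compare the address reported by `/cdn-cgi/trace` with the circuit's exit relay, and look for a `.onion` alternative in the site's `Alt-Svc` header. The header value, the exit addresses, the function names and the verdict labels are constructed for illustration; only the `ip=` value comes from the thread, and the verdict is a heuristic, not proof.

```python
import ipaddress
import re

# Constructed sample data (not captured traffic). The .onion name is a placeholder.
SAMPLE_ALT_SVC = 'h2="placeholderexampleonly.onion:443"; ma=86400; persist=1, h3=":443"; ma=86400'
# key=value body in the style of /cdn-cgi/trace; the ip value is the one posted in the thread.
SAMPLE_TRACE = "h=www.speedtest.net\nip=2405:8100:8000:5ca1::33:11df\nvisit_scheme=https\n"
# Stand-ins (documentation ranges) for the exit relay shown in Tor Browser's circuit display.
SAMPLE_EXIT_ADDRS = ["192.0.2.44", "2001:db8::44"]


def onion_alternatives(alt_svc):
    """Return (protocol, host, port) for each Alt-Svc alternative whose host is a .onion name."""
    found = []
    for proto, authority in re.findall(r'([A-Za-z0-9\-]+)="([^"]*)"', alt_svc):
        host, _, port = authority.rpartition(":")
        if host.lower().endswith(".onion") and port.isdigit():
            found.append((proto, host.lower(), int(port)))
    return found


def parse_trace(body):
    """Parse the key=value lines of a trace response into a dict."""
    return dict(line.split("=", 1) for line in body.splitlines() if "=" in line)


def explain_seen_address(alt_svc, trace_body, exit_addrs):
    """Classify why the site reports the address it does.

    'exit'          -> the site saw the exit relay's own address (ordinary exit traffic)
    'onion-alt-svc' -> the site saw some other address and advertises a .onion alternative,
                       so the request likely reached it over the onion service instead
    'unexplained'   -> neither of the above; needs a closer look
    """
    seen = ipaddress.ip_address(parse_trace(trace_body)["ip"])
    exits = {ipaddress.ip_address(a) for a in exit_addrs}
    if seen in exits:
        return "exit"
    if onion_alternatives(alt_svc):
        return "onion-alt-svc"
    return "unexplained"


if __name__ == "__main__":
    print(explain_seen_address(SAMPLE_ALT_SVC, SAMPLE_TRACE, SAMPLE_EXIT_ADDRS))
```

To run it against a real session, replace the three sample values with the site's actual `Alt-Svc` response header, the trace body, and the exit relay address from the relay's page on metrics.torproject.org.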