In a recent development reported by ZDNet, Cloudflare has launched its new service known as the ‘Cloudflare Onion Service’. The announcement was made in Cloudflare’s blog published today where the idea of ‘Onions’ has been elaborated upon. This service is unique in its ability to distinguish between legitimate Tor traffic and bots. The basic benefit of this service is especially meant for Tor users who will now view much less or even zero CAPTCHAs while accessing a website protected by Cloudflare in Tor Browser.
The introduction of this new service by Cloudflare required small tweaking in Tor binary by the Tor team. Therefore, it would only function with Tor Browser’s recent versions Tor Browser 8.0 and Tor Browser for Android, both of which were launched last month.
This move by Cloudflare came after Tor users excessively complained that they were seeing an exceeding number of CAPTCHAs while accessing a Cloudflare-protected site for a long time now. The company was even accused by Tor Project administrators in 2016 of being involved in a sabotage of Tor traffic because Tor users were being forced to solve CAPTCHA fields more than ten times. In an initial response which came a month later, Cloudflare claimed that CAPTCHAs were being shown because Tor traffic was originating from malicious actors or were automated bots. In spite of the entire defense that Cloudflare presented, it began looking into methods of CAPTCHA removal for Tor users. First venture into this included Challenge Bypass Specification and a Tor Browser extension, a project which did not see any success. Later, the engineering team at Cloudflare introduced Opportunistic Encryption for the solution of this problem. Talking about this, Cloudflare wrote in it’s recent blog, “Two years ago this week Cloudflare introduced Opportunistic Encryption, a feature that provided additional security and performance benefits to websites that had not yet moved to HTTPS.”
Cloudflare’s blog highlighted the functioning of this new service, “Just as with Opportunistic Encryption, we can point users to the Cloudflare Onion Service using HTTP Alternative Services, a mechanism that allows servers to tell clients that the service they are accessing is available at another network location or over another protocol…If the certificate is signed by a trusted certificate authority, for any subsequent requests to “cloudflare.com” the browser will connect using HTTP/2 via the onion service, sidestepping the need for going through an exit node.”
In summary, Cloudflare Onion Service will be capable of distinguishing between good and bad Tor users. Now Tor users who were previously tired of Google reCAPTCHAs will no longer have to face this problem. In order to understand how to enable this service, details can be read here.