wiki:org/doc/ListOfServicesBlockingTor

Version 257 (modified by jukey, 4 years ago) (diff)

moved hint

List Of Services Blocking Tor

The Tor community maintains the following three lists (RBL blocks, Blocking software, and Individual blocks) as part of the DontBlockMe project.

Glossary

  • CDN - A CDN is a content delivery network: these are networks that websites use to serve high amounts of traffic to their clients. CDNs can be geographically distributed to provide "local" copies of web content to people worldwide.
  • Exit relay - This is a Tor relay that exits traffic onto the plain Internet. All Tor traffic (though not when using hidden services) appears to originate from these exit relays.
  • Non-exit relay - A Tor relay that does not act as an exit relay. A non-exit relay does not originate any traffic other than to other Tor relays and thus there is no necessary reason for services to block traffic from them. Guard and middle relays are the two types of non-exit relays, and many non-exit relays act as both types at the same time.
  • TCP RST - The TCP reset (or reject) is a way to gracefully close connections. Many services/software to block Tor traffic may block by explicitly closing the connection instead of ignoring the traffic.
  • TCP timeout - A TCP timeout is another way to block Tor traffic on the protocol- or routing-level, however it involves silently ignoring the traffic instead of rejecting it.

List of RBL Blocking Services

An RBL is a "realtime blackhole list" which is a DNS query-based list used to tag IP addresses as being malicious or as being an origin of spam. Due to the inability to filter or monitor Tor user behavior across the entire network, many Tor exit relay IPs will be marked as threatening (even indiscriminately) which means many legitimate web surfers will be incidentally included in such blocks. This is a subproject to routinely search for and clear Tor relay nodes from RBL and RBL-like lists.

Format:

  • [URL] - Description of service/list, threat detection and consequences for Tor users

List Of Software Used To Block Tor

A listing of the software that has been identified as being used by the services listed below. This can present via another avenue to accomplish the goals of the DontBlockMe project. The format is:

  • [URL] - How to identify the blocking software when used by a service
  • http://akamai.com/ Fifa.com, tdbank.com, expedia.com, www.ecb.europa.eu, discussions.apple.com seem to be using Akamai and use some sort of configuration that blocks Tor (not all Akamai sites block Tor). Akamai blocks usually present with a basic page saying "Access Denied" and a 'reference' note like "Reference #18..." You can definitively confirm whether a site uses the Akamai CDN by running a WHOIS on the site's domain and looking for akam.net nameservers.
  • https://www.cloudflare.com/ - Usually announces itself as CloudFlare, gives Tor/A1 notice, etc.
  • http://www.incapsula.com/ - Usually announces itself as Incapsula, gives Tor/A1 notice, etc.
  • Convio/Blackbaud - A web host for various nonprofits. Blocks Tor specifically, returning an HTTP 501 error: "Not Implemented Tor IP not allowed". A traceroute leads to a subdomain of convio.net. http://www.adl.org/ is one affected site [last check: 2015-07-15].

List Of Services Blocking Tor

Services should be listed if:

  • They display a written policy that prohibits "Tor" specifically by name.
  • They display a written policy prohibiting proxies, VPNs, open/free networks, travelers, etc.
  • The text of an error message indicates "Tor", anonymous proxies, etc.
  • After testing with "signal NEWNYM / New Identity / MAPADDRESS", access and/or full use via Tor is found to be consistently problematic (defined as affecting at least 80% of all exits).

The list is formatted in alphabetical service groupings as follows:

Type of Service

Tor Open:

  • List up to five (5) leading counterexamples of competing services that happen to not block Tor (use WeSupportTor for explicit Tor supporters). Then list all the services of that type that do block Tor. "Tor Open/Blocked" headings may be omitted until there is at least one counterexample.

Tor Blocked:

  • URL of service - nature of block: complete, account creation, read-only, random breakage, etc. [last check: <current date in YYYY-MM-DD>]

Attention: Please be aware, that this page itself (https://[trac.torproject.org) does block Tor traffic for registration and editing by showing very hard to read captures.

The List

The current list is as follows...

Banking / Finance

Blogs ( by engine )

Commercial

Business-to-User / Retail Shopping
Business-to-Business / Commerce and Industry / Advertising

Computing / Technical

  • Certain Apple.com sites:
    • https://getsupport.apple.com/ - 'Access Denied. You don't have permission to access "http://getsupport.apple.com/" on this server.', blocks sporadically [last check: 2015-06-10]
    • https://support.apple.com/ - 'Access Denied - You don't have permission to access "http://support.apple.com/" on this server.', blocks sporadically, block includes non-exit relay IPs. [last check: 2015-06-21]
    • https://discussions.apple.com/ - "Access Denied" but sporadically blocking (Akamai) [last check: 2015-04-02]
  • https://www.box.com/ - Can access the site but not login or sign up
  • https://forum.cyanogenmod.org/ - "Sorry, you don't have permission for that!" [last check: 2015-03-11]
  • https://github.com/ - Apparently blocks account creation via Tor (tested once [when? still valid?])
  • https://www.linuxquestions.org/ - "Error 403", blocks registration through Tor, but claims to allow unblocking by logging in. [last check: 2015-01-04]
  • http://www.manux.info/ - Votre connexion internet dispose d'une adresse IP interdite. Cela peut indiquer que vous utilisez un proxy web, ou une adresse IP listee comme malveillante aupres de nos serveurs.
  • http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz and http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz - The company MaxMind provides these databases for use in a GeoIP package that determines a user's IP geo-location. Tor-connected systems are unable to use it, receiving a "Forbidden" code. Maxmind says they can't be bothered to look into why these are blocked; they recommended StackOverflow.com for "technical support". In one correspondence they recommended changing host to geoip.maxmind.com as a workaround, but they also insist this is not the recommended location.
  • https://bugzilla.mozilla.org/ - Blocks account creation via Tor (requesting an account via email still works)
  • https://www.namecheap.com/ - Blocked harshly by Cloudflare. If you're extremely lucky, you can access only 3 times. Serves you a Cloudflare captcha, you solve it, want to login, then it just returns "The password does not match the user account or the account does not exist. Please verify both the user name and password and try again." [last check: 2015-01-24]
  • https://pastebin.com/ - Certain exit IPs are blocked completely, even from reading the site. The unscured version of the page (http://pastebin.com) works without any restriction [last check: 2015-08-08]
  • https://secunia.com/ - Forbidden! We have registered this IP Address (x.x.x.x) as being a robot. Secunia does not allow content leaching robots on our website thus this IP address has been banned.
  • http://www.slingbox.com/ - TCP timeout [last check: 2015-03-24]
  • https://statuspage.io/ - "Your IP address 81.89.96.89 has been flagged as a scanner. Scanners are not permitted. If you are seeing this message in error, please contact security@…." [last check: 2015-05-30]
  • http://www.xprivacy.eu/ and https://crowd.xprivacy.eu/ - Resource site for XPrivacy Android app: ironically blocks Tor and other "spammers" at firewall level; administrator refuses to allow Tor visitors even just to read the website. (ticket) It appears that the Tor block has been lifted--at least for reading privileges. It is not known whether writing privileges are possible over Tor, though writing is much less important. [last check: 2015-03-19]
  • https://talk.maemo.org and https://wiki.maemo.org - blocked completely; discussion here - [last check: 2015-08-08]

Education

Forums / Imageboards

Gaming

  • http://www.gamefaqs.com/ - "Blocked IP Address - Tor Exit Node" [last check: 2015-03-18]
  • Steam, Steam Community - Several reports of users having their accounts banned or restricted permanently, which generally means new products cannot be purchased and the person is no longer permitted to talk to friends or post in Steam discussions and boards. (references: 2015-03-15 and 2015-01-13)
  • Steam Users' Forums - "Sorry. The administrator has banned your IP address." [last check: 2015-03-18]

Government services / Publicly-funded resources

Clusters:

Image Hosting

  • https://imgur.com/ - "We're really sorry, but uploading from the Tor network has been disabled. Please disable Tor and try uploading again." Blocks uploading, allows browsing.

IRC / SIP / XMPP / "non-web" network communication services and messaging

For information specific to IRC, see Blocking IRC

  • Skype - Login attempts via a Tor exit node are rejected (since 2013, see list and blog): load icon spins forever; experience shows it can take ~6 weeks for a new exit node to be blacklisted

Mail services

News media

Search engines

Social networking

Communities / Friends / Interests
Dating
  • https://www.pof.com/ - Periodic process[please clarify] may delete after a while (hour to days) if geoIP does not match profile location, Deletes[what?] for other unknown reasons. Try contacting csr@… and post any results to tor-talk.
Professional
  • https://linkedin.com/ - You need to pass an image test before login, after which a login email validation is required. Might block completely due to "unusual traffic from your network connection." [last check: 2015-03-18]

Sports

Utilities ( Electric / Gas / Water / Telecom / TV / Internet )

Shipping

Telecommunications

Open:

Blocked:

TV / Video

Wikis

  • (No sites listed yet)

List of formerly listed services

These were formerly listed in the above list, but someone (you) found that they now seem to work "more often than not" and thus moved them here adding the move date (do not remove the original reason for listing). Once listed here, other readers will check them from time to time. If they are still blocking "more often than not", feel free to move them back into the lists above. If they've been on this list for over a year, feel free to remove them as apparently having been a temporary IP block, not a complete class-based (Tor/VPN/Proxy) block. Listings older than 3 months should probably be removed.

Format:

  • [YYYY-MM-DD listed - URI - original reason, delisting notes]
  • 2015-03-18 - http://www.cnm.edu/ - Blocks Tor relay IPs, even non-exit relay IPs (connection never ends). [last check: 2015-01-04] Works fine 2015-03-18
  • 2015-03-18 - http://www.bbc.co.uk/iplayer/ = States not in the UK even from non-exit relay IPs. (BBC says they are trying to fix this problem since 10/2014 still not working 2/2015) It seems to work from UK-based exit nodes, which is actually surprising since it's trivial to "be" in the UK when you're using Tor. Then again, it's not like YouTube blocks Tor users despite the fact that Tor can be used to "be" anywhere and bypass regional blocks. It's probably in their best interest to not block Tor at least unless content providers become angry over regional bypassing. Perhaps we should have a new category just for content providers that are blocking for regional purposes and not for "security" reasons.
  • 2015-03-18 - http://wiara.pl Gość Niedzielny — Polish Catholic newspaper and website. Works fine 2015-03-18
  • 2015-03-17 - https://ixquick.com and https://startpage.com - Sometimes presents captchas because of exit IPs (with or w/o JS blocked). Sometimes only selecting an exit relay in different geo-location, stops repetitive captchas after each search - from same tab. (doesn't appear to be happening anymore at least since the end of 2014)
  • 2015-03-17 - http://www.myhome.ie/ - TCP timeout Works fine 2015-03-17
  • 2015-03-17 - http://www.realtor.com/ - "Blocked IP Address", unblockrequest@…. Works fine 2015-03-17
  • 2015-03-17 - http://www.tigerdirect.com/ - "Blocked Request", siteissues@…?subject=Blocked+Request Works fine 2015-03-17
  • 2015-03-17 - https://www.kayak.com - Detected as bot after submitting query. No captcha. [last check: 2015-01-27] Captcha after attempting search but works fine 2015-03-17
  • 2015-03-17 - http://facebook.com/ - Login puts account in validation required mode, if no phone number associated, may lose forever. Facebook offers an "experimental" .onion since October 2014 so this should relieve problems, at least when accessing it from its onion address.
  • 2015-01-04 - http://www.navy.mil/ - "Access Denied" 2015-01-12, Works fine 2015-02-11 I could not connect on 2015-03-17, need confirmation for this Works fine 2015-04-02, only the "www" subdomain works
  • 2015-01-04 - https://www.healthcare.gov/ - Works fine 2015-02-11, 2015-03-17, 2015-04-02
  • 2015-01-04 - http://www.catholic.com/ - Cloudflare captcha but works fine 2015-02-11, 2015-03-17, 2015-04-02
  • 2015-01-04 - https://ello.co/ - Works fine 2015-02-11, 2015-03-17, 2015-04-02
  • 2015-01-04 - https://www.geekculture.com/joyoftech/ - nothing wrong?, Works fine 2015-02-11, 2015-04-02

Attachments (6)

Download all attachments as: .zip