We changed the title from "Why HN Blocks Tor?" because HN doesn't block Tor. Plenty of users read HN and post to HN using Tor every day, including some in this thread.
There have been issues in the past with Cloudflare and Tor, but I don't know what the current status of that is. Certainly they aren't blocking everybody, or we wouldn't see them.
The one thing HN itself does is moderate comments from brand new accounts that are posted using Tor. We do this because of past abuses by trolls. However, when such comments are good they routinely get restored by users using the 'vouch' feature, or, failing that, we often restore them ourselves. So even this isn't much of a restriction. The main problem is that it makes for a time delay between when a (good) comment gets posted and when other users get to see it.
Sometimes I get roadblocked from viewing Hackernews when using TOR. I say sometimes, because I normally have to change my identity/location to view HN's frontpage (whilst logged out). It can become a hit or miss type scenario where the HN servers are not as strict upon my third, or usually fourth identity and allow TOR traffic through.
Is it not a cloud flare issue? Hn is behind cloudflare, and cloudflare thinks it's a problem... last time I tried, it's requests verification each time, as do other cloudflare backed sites (my own included)
Cloudflare is horrifically hostile to users, triggering blocks and Captchas all the damn time, but I've never once had an issue, or cloudflare interruption, with HN.
It'd give me an interesting conflict if I ever had, as I take Cloudflare captchas as a huge negative indicator of trust.
Well there was something on Github of a browser addon to mitigate the worst of the challenges, back in summer. I remember it hitting front page here. Seemed hopeful a solution was on the horizon. It seems to have been untouched since, and no sign of an actual solution...
Now the UK is stepping up surveillance silliness I use the VPN rather more, and expect many others are, or will. Which today just means endless unintelligently implemented CAPTCHAs.
> It seems to have been untouched since, and no sign of an actual solution...
They're working on it! There will be a talk about this about Real World Crypto 2017 in January, see "Solving the Cloudflare CAPTCHA" on the RWC program: http://www.realworldcrypto.com/rwc2017/program.
As a non-logged in lurker, I always get "prove you're legit" when using TBB. I usually hit the "new tor circuit for this site" button a few times until it goes away.
It is really annoying how to even read HN you need to jump through hoops. I can possibly understand commenting and posting being restricted, but there's not reason to block simple views, it's not like anyone is going to use tor for ddos.
> it's not like anyone is going to use tor for ddos.
Perhaps not DDOS, but yes, tor is absolutely used maliciously:
> Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious. That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.
Not for most new accounts, no. A small minority of new accounts' comments get autokilled because of past abuse by trolls, and those often get rescued by vouches.
I block tor from many of my servers. I started noticing that whenever I had an issue with someone attacking a server the source traced back to an exit node. What I found when I looked at the traffic coming from the exit nodes was that the vast majority of it was malicious. There was a massive amount of automated password guessing, exploit attempts, and attempt to connect to botnet controllers/backdoors.
I'm all for anonymity. However, until the tor project puts some effort into outbound traffic filtering for exit nodes it is too much of a time sink and headache not to just blackhole it all on servers that either do not serve public content or where anonymity really isn't needed/justifiable.
I put the code I use to block tor exit nodes in the public domain. You can download it here: https://github.com/vab/torblock
There's underblocking and overblocking. Underblocking is allowing TOR traffic through, but also letting TOR traffic flood your servers.
It's obvious that if you have a flood of nefarious traffic like this then you should throttle the TOR traffic. Overblocking is outright blocking TOR with no reason other than because you can, and it leaves many legitimate users frustrated and feeling like the site just self-censored itself.
It would be suitable in these cases to strike a happy medium and allow some TOR traffic through, but throttle suspicious-looking requests like mini 'swarms' of TOR exit IPs hitting the site all at once, which I think HN does, because some TOR idens work, whilst others do not.
That seems like a terrible idea. Unless you're hiring for a user facing role, one's personal opinions should have very little bearing on their hireablility. It's a number that literally means nothing. Hell you can get down voted for having perfectly logical contrary opinions (e.g. any thread involving politics, diversity or Microsoft). This is something you do if you're just are looking for people who think exactly the way you do.
Personally I refuse to provide any company with material that can link back to my personal social sites. It's simply not worth it. I'm not going to sanitize my digital life for the purposes of getting hired. I don't even provide links to my github because people read too much into what is or isn't there trying to parse out some signal that doesn't actually exist.
My posting voice on HN is very different than my professional voice, and I don't want the two spheres connected at all.
(Similarly I don't want my reddit or tumblr accounts connected with my professional space, but I do want my github and linkedin accounts connected with my professional space, and I try to keep my facebook account generally respectable; these days it's mostly shares of 'Old Friends Senior Dog Sanctuary' pictures and if any employer doesn't like that they I don't want to work for them).
It's not though. If you're not arguing a pro-groupthink position you'll get down voted regardless of the quality of your commentary. See just about any politics related thread for an example of that.
Note that only applies to subjective topics. If you're commenting about a purely technical topic then the voting system does seem to work more effectively.
The application process asks for links to profiles, one of which is HN (also github, Twitter, StackOverflow, others).
Criteria varies. Red flags (such as loads of flagged comments here), name calling, threats, "bad" things.
Once and applicant was dismissed from my process because their comments on social (not just HN) showed a severe distaste for "n00b JS". The position clearly identified use of these tools. The demonstrated attitude would be caustic to my team and my junior devs would suffer.
Since companies always have more applicants than jobs we can be choosy. I filter for social fit first.
I can teach you to code. I don't know how to teach you to be respectful.
Again, HN profile is one of 100s of factors we compare on applicants
What happens if an applicant doesn't supply them ? How do you deal with people who don't have accounts or don't use those services? Are you worried that you maybe missing out on candidates who don't participate in these communities?
I totally understand wanting to find strong fits for a company culture, but non-work related social profiles seems like a minefield of a way to screen for how respectful a person will be in an office environment.
There have been issues in the past with Cloudflare and Tor, but I don't know what the current status of that is. Certainly they aren't blocking everybody, or we wouldn't see them.
The one thing HN itself does is moderate comments from brand new accounts that are posted using Tor. We do this because of past abuses by trolls. However, when such comments are good they routinely get restored by users using the 'vouch' feature, or, failing that, we often restore them ourselves. So even this isn't much of a restriction. The main problem is that it makes for a time delay between when a (good) comment gets posted and when other users get to see it.