2

How do VPN providers prevent getting blocked using e.g. Cloudflare, like it is the case for Tor exit-nodes?

Anyone using Tor to the browse the Internet have experienced that their connection is blocked by Cloudflare or some other service that flags the Tor exit-node as a potential source of malicious traffic.

I guess the traffic of VPN users, e.g. NordVPN, is not more benign than that of Tor users. So, why aren't VPN users blocked by Cloudflare - their Internet traffic is also routed through a fixed set of nodes?

Shuzheng
  • 1,097
  • 4
  • 22
  • 37

1 Answers1

4

Cloudflare and IP blacklist services do not specifically target anonymity networks. What they do is look at the amount of traffic coming from particular IP addresses or ranges of addresses and catalogue how much of it is malicious. They apply blocks based on how malicious a given address appears to be.

VPN providers do not have any particular technique to avoid this. In fact, popular VPN IP addresses often are heavily blocked. The only reason Tor is more likely to be blocked is the fact that, because it is free, each IP address sees significantly more use, including for spam. This results in services like Cloudflare seeing more malicious traffic coming from Tor exits and applying increasingly harsh blocks. It is true that the list of Tor exit addresses is public. This is an unavoidable aspect of the protocol's design. However, that fact is not a significant reason for why Tor relays are blocked more often.

There are entire third party services which collect IP addresses that have been used for malicious purposes and provide such blacklists to their clients either for free or in the form of a subscription. A popular example would be DNSBL, which contains IPs from both many Tor exits and VPNs.

forest
  • 64,616
  • 20
  • 206
  • 257
  • Thank you for a very detailed answer. In effect, why aren't a VPN provider like NordVPN rendered completely useless? They doesn't log user's traffic and doesn't cooperate with externals. So, I guess NordVPN would be used heavily for malicious purposes, which should get their nodes blocked by e.g. Cloudflare. However, NordVPN seems to be rather popular? – Shuzheng Dec 20 '18 at 08:33
  • @user111854 A VPN not keeping logs [does not mean it can't be traced](https://security.stackexchange.com/a/175186/165253). Also, being blocked by certain sites does not make it useless. I use Tor exclusively, which is often blocked on certain sites, but I am still able to make much use of it. Also remember that spammers like cheap things. Paying for a VPN is not something they'd like to do compared to, say, using Tor for free, or buying a thousand proxies that aren't (yet) on any blacklists dirt cheap. This just means less of them use VPNs, getting them blacklisted. – forest Dec 20 '18 at 08:34
  • "use Tor exclusively, which is often blocked on certain sites, but I am still able to make much use of it." - I find that it is blocked on most "consumer"-based sites that I use day-to-day :-) – Shuzheng Dec 20 '18 at 08:38
  • @user111854 I tend not to visit popular consumer sites, but that's just me. :P – forest Dec 20 '18 at 08:39