I simply make a GDPR request. Write to a Tor-hostile data controller making an Article 15 request for a copy of all your data. Also ask for a list of all entities your data is shared with.

The idea is that if a website blocks Tor (or worse, uses Cloudflare to also share all traffic with a privacy offender), then they don’t give a shit about privacy. So you punish them with some busy work and that busy work might lead to interesting discoveries about data abuses.

Of course this only works in the EU and also only works with entities that have collected your personal data non-anonymously.

  • coffeeClean@infosec.pubOP
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    9 months ago

    Tor-hostility is an act of laziness. An admin decides they cannot be bothered to separate their publications from their contact page, or to just CAPTCHA the contact form. So they take the easy path and simply 403 all Tor users or they offload the effort onto others by proxying via Cloudflare.

    Thus it’s in the interest of the Tor community to make the lazy option a path of greater resistance.

    There’s also a cost apart from time. I just got a response to a GDPR request by registered letter. So the privacy-disrespecting data controller spent ~€10 in postal costs on their response.