I also want to add here because a lot of people either mention Tor as a succesful solution, or mention why Tor is not a solution but state completely wrong reasons. And I have a good soapbox to stand once in a while.
Number one reason why Tor is dead is Cloudflare.
Let me digress here. In my opinion, Cloudflare does a lot more censoring than all state actors combined, because they singlehandedly decide if the IP you use is "trustworthy" or "not", and if they decided it is not, you're cut off from like half of the Internet, and the only thing you can do is to look for another one. I'd really like if their engineers understood what Orwellian mammoth have they created and resign, but for now they're only bragging without the realization. Or at least if any sane antitrust or comms agency shred their business in pieces.
And Cloudflare by default makes browsing with Tor unusable. Either you're stuck with endless captchas, or you're banned outright.
Number two reason why Tor is dead is all other antifraud protections combined. Try paying with Stripe through Tor. There is quite a big chance you'll get an "unknown error" of sorts on Stripe side. Try to watch Netflix in Tor - exit nodes are banned.
Everyone kept shouting "Tor bad, Tor for criminals", and it became a self-fulfilling prophecy. It's really hard to do just browse web normally in Tor, because all "normal" sites consider it bad. The "wrong" sites, however, who expect Tor visitors...
The point of Tor was never to access classic internet, they actively discourage it. Exit nodes are a convenience feature. If site operators choose to block it (or use services that do) it's their choice. Services should expose onion interfaces - for example, Facebook does.
it depends. I myself have some combination of browser extensions which make me a bad guy in Cloudflare opinion. I don't know exactly which one is the culprit because I added a lot of stuff over the years, but I really don't care: if Cloudflare blocks a website, I simply use another one. The good half of the internet will get my traffic.
That's all great and lauded be you for being principled, but this only helps until you need to use the website of a public institution, which decided to put fate of the citizens into the hands of a privately owned company, or some website that has a unique value, but is behind cloudflare. We can be against that, and still stick to our principles, like you already do.
that's a good point and indeed a problem in the original post context. I am of course talking from my privileged perspective where my country doesn't do that so I don't have that problem.
I understand where you are coming from but there’s a flip side to this.
Cloudflare obfuscating such a huge segment of origin servers gives a privacy advantage to anyone using a private DNS, since most of the IPs you can be seen connecting to are just…Cloudflare.
It's funny that the original idea for HTTPS was that there should be private communication between clients and service providers, and it somehow got turned on its head and now its just private communication between you and Cloudflare, and they can see all the traffic.
We talk about end to end encryption all the time, but half the web is hosted by a single company with questionable ethics and everyone is like, we trust them! They write technical blog posts!
Even Signal is hosted on Cloudflare...
Or, at least, that’s how it would work if it wasn’t for SNI…
Cloud Flare supports ECH. https://developers.cloudflare.com/ssl/edge-certificates/ech/
Any examples of Cloudflare client websites that have enabled ECH
China blocks ECH.
do you have a reliable source for this claim?
China's use of SNI-based censorship is well-documented
For example, see
https://censorbib.nymity.ch/pdf/Niere2025a.pdf
China has blocked ESNI
https://gfw.report/blog/gfw_esni_blocking/en/
But SNI is not CH and ESNI is not ECH
Will China block ECH
ECH blocking has been detected in Russia
https://github.com/net4people/bbs/issues/417
According to Niere et al. (2025)
"Additionally, with the ECH extension not yet being widely used [17], [71] and focusing on privacy protection rather than censorship circumvention [60], it can be censored easily by blocking it entirely [14], [76]."
The paper describes various GFW bypass methods that currently work, including removing the SNI extension entirely
It does not mention anyone using ECH to bypass GFW
Perhaps it is too early to conclude "China blocks ECH" because ECH is not in widespread use
Yes, but SNI is not ECH.
Great gaslighting I must admit, terminating SSL of half the internet.. that centralization is actually enhancing privacy... There is a very high probability Cloudflare is a literal NSA front.