94% of Tor Traffic is Malicious, According To CloudFlare

Updated on:

A recent report from CloudFlare says that over 94 percent of all the requests that come from across the Tor browsing network are of a malicious nature.

That is, they use Tor to scam or phish or cause digital chaos.

However, this does not seem to represent the whole story.

CloudFlare Analysis

After analyzing network traffic that reaches its customers’ websites for about a week in the month of March, CloudFlare, a website security company, found that over 94% of the content/communications was of malicious nature.

The Tor network can be accessed for online anonymity and this is made possible through peer-to-per connection of many servers.

Your TOR usage is being watched

Most people go online using the Tor anonymous network only to avoid surveillance.

It, therefore, encourages criminals to act without fear of getting caught.

On the positive side, it enables activists, journalists, and repressed members of the society to speak up freely.

CEO and co-founder of CloudFlare, Matthew Prince, observed that most of the malicious content belonged to the category of advertisement click-frauds, content scraping, scanning for vulnerabilities and spamming, among others.

These activities, in general, generate a large number of requests that causes an attacker to leave a large digital footprint, he observed.

According to the data obtained from Project Honey Pot, which is an open source project that helps administrators track spam emails, it has been found out that about 18 percent of the spam that is generated globally use an automated bot that harvests email addresses using the Tor network.

However, the Tor project had a few points to note about CloudFlare’s approach to web security.

They opined that some users that access the network are often confronted with “captchas” that sometimes deny them access to websites therein.

Tor developer Mike Perry observed that the procedure used by CloudFlare in labeling traffic as spam from IP addresses that have once sent malicious content is basically flawed.

This results in millions of genuine people getting blocked from accessing websites of their choice.

CloudFlare defended the claims and said that their research uses a variety of techniques to back their findings.

The methods determine if the source of the request is automated, create content that is made visible exclusively to bots and also turn protection off on specific internet servers that are used for the purpose of control.

Though Tor was initially started off in the 90s (by a group of researchers) for the use of the US Department of Defense to hide identities and addresses of agents gathering intelligence, it has become popular as users can hide their addresses and surf the net anonymously.

This factor has made the browser a favorite with cybercriminals, online darknet markets, malware and the like and has up to a million daily users today.

The benefits and drawbacks of the browser are still raging topics of everyday debate.

A recent survey by CIGI had more than 70 percent of 24,000 respondents wanting the darknet shut down.

Cybercrime concept, on the computer keyboardEric Jardine, a research fellow at CIGI, opined that a majority of people did not know fully the functions of Tor and how the technology can be put to use more effectively.

Their reaction was simply spontaneous, he added.

He also argued that a name change to “Freedom Network”(proposedby one online user) from “Tor” and a focus on network privacy would do a lot of good.

CloudFlare’s research data does not ultimately show which of the actors show up in more numbers: the baddies or the oppressed ones that want to speak up on anonymity.

Though CloudFlare’s research shows that the cybercriminals in small numbers can create a large digital footprint, many other companies have come up with differing results.

As an example, a study by Akamai (of Tor traffic) found out that only 0.3% of requests from Tor exit nodes were harmful and they produced very little bandwidth as compared to the ones researched by CloudFlare.

Akamai also intercepted a good number of legitimate business transactions from the Tor exit nodes.

According to yet another study by Distil Networks, around 48% of Tor traffic was from illegitimate users.

Rami Essaid, Distil CEO, was fully in agreement with the CloudFlare results that a small number of users can create a large amount of traffic that is malicious.

In the light of these findings, CloudFlare CEO Matthew Prince also agrees that the research has primarily been conducted on the Tor traffic that reaches the company’s customers.
They are completely unaware of the rest of the traffic which is not visible to them, he admitted.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.