It is increasingly difficult to access Drupal.org via Tor. Frequently you get "x.x.x.x is banned." upon attempting to use the Drupal.org website, and you must restart the Tor Browser several times until you get an IP address not blocked by Drupal.org. For contributors for whom Tor is a requirement, this is a major impediment to contribution.

There are surely ways Tor users could be accommodated without resorting to total blocking. For instance, if Tor exit nodes were at minimum allowed anonymous access only, it would be a major improvement. Currently even anonymously browsing issue queues is difficult. There are services that provide a complete list of Tor exit nodes which could be used for granting limited access.

It would be helpful to at least know the particular abuse that is causing Tor exit nodes to be blocked, so solutions to it could be devised.

Comments

silverwing’s picture

Project: Drupal.org site moderators » Drupal.org infrastructure
nnewton’s picture

Anon only is not a bad idea. The issue isn't so much that we are blocking Tor nodes specifically, it's that Tor nodes often end up with IPs with an abuse record and we use a honeypot list that blacklists IPs with a long history of abuse.

-N

killes@www.drop.org’s picture

I am a bit in doubt why somebody would need to access d.o through Tor, but if we want to accommodate these people, we should offer d.o as a hidden service. Then we could do our own rate limiting for that.

AohRveTPV’s picture

Thanks for moving this issue to the appropriate project and for the thoughtful replies.

> I am a bit in doubt why somebody would need to access d.o through Tor

I do all web browsing with Tor Browser because I would like to have more privacy and be more protected against surveillance by ISPs, governments, etc. To me it is easier to use Tor Browser for every website than to use it on a per-site basis, because then I can use a single browser and don't have to make a decision of whether to use Tor for each website based on assessing all possible risks of surveillance. I think there are probably other people who similarly use Tor Browser. (Of course I wouldn't expect Drupal.org to accommodate my individual use.)

There may also be use cases where it would be important to access Drupal.org using an anonymity network like Tor. Drupal is used for a lot of governmental and political websites. There could be value to the developers of such websites protecting their identities. If I run a Chinese pro-democracy website, for instance, maybe Chinese intelligence looks to see who is connecting to Drupal.org and checking pages that would be related to that site, then targets that individual.

I realize these may to some seem like paranoid concerns, but opposition to surveillance is also for some a political view that it would be good to support in the spirit of diversity. People also place different levels of importance on online privacy, and have different opinions of what privacy is needed or enough.

> if we want to accommodate these people, we should offer d.o as a hidden service. Then we could do our own rate limiting for that.

I think this is a great idea. Is there a way for someone outside the infrastructure team to help?

If the first step is to assess whether this is actually a need, maybe a poll/survey could be conducted somehow?

AohRveTPV’s picture

I could set up an experimental hidden service on a VPS that is a gateway to Drupal.org. Then there would be a single static IP address presented to Drupal.org for Tor users, and access restrictions could be set based on that IP address. I wouldn't be able to afford much bandwidth, but maybe this would be a good way to gauge interest in a hidden service? It would be made clear that the hidden service is not maintained by Drupal.org.

killes@www.drop.org’s picture

Considering that people would maybe try to log in through that proxy, that sounds like a bad idea.

AohRveTPV’s picture

You're right, I wasn't realizing the traffic would be unencrypted at the proxy server as it would not be an HTTPS proxy.

I am guessing there are two general types of abuse from Tor?
1. Spammers registering accounts and posting spam.
2. Excessive requests from anonymous users.

What about whitelisting known Tor exit node IP addresses, but for them disallowing user registrations (solves #1) and rate limiting (solves #2), as another possibility besides Drupal.org-hosted anonymous-only hidden service?

Idea is a spammer could register an account not using Tor, but posting spam would result in the IP address used for registration being blocked. Freenode takes a similar approach--it is not possible to register a Freenode account using Tor.

killes@www.drop.org’s picture

We don't do the white/blacklisting ourselves, we rely on projecthoneypot.org for that. So, any extras for Tor exit node IPs would have to go through them.

I think the proposal to run our own hidden service is still the best solution. If we can find some resources to implement that.

klausi’s picture

What about limiting the IP blacklists to HTTP POST requests?

For sure, this is no final solution, as it would not achieve location-privacy for developers nor for users requiring post access - which should be desirable in the long term. But it would be a decent start to provide read-only access to the website for everyone.

Also increasing priority as more people are complaining about this to me in person.
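
The two proposals above (exempt known Tor exit nodes from the blacklist while denying them registration and rate limiting them, and apply the blacklist only to write requests), sketched as one access-policy function. This is an added example, not part of the original thread or Drupal.org's configuration; the `Policy` class, the sample addresses, the `/user/register` path and the rate values are assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real exit nodes).
TOR_EXITS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
BLACKLIST = {ipaddress.ip_address(a) for a in ("192.0.2.10", "198.51.100.7")}
REGISTER_PATH = "/user/register"   # assumed registration path
READ_METHODS = {"GET", "HEAD"}


class Policy:
    """Hypothetical front-end access policy combining both proposals."""

    def __init__(self, tor_exits, blacklist, rate=1.0, burst=5.0):
        self.tor_exits = tor_exits
        self.blacklist = blacklist
        self.rate = rate        # tokens refilled per second, per exit IP
        self.burst = burst      # maximum bucket size
        self._buckets = {}      # exit IP -> (tokens left, time of last request)

    def _take_token(self, addr, now):
        # Token bucket: refill for the elapsed time, then spend one token.
        tokens, last = self._buckets.get(addr, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self._buckets[addr] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

    def decide(self, ip, method, path, now):
        addr = ipaddress.ip_address(ip)
        if addr in self.tor_exits:
            # Known exits bypass the blacklist but may not register
            # and are rate limited.
            if path.rstrip("/") == REGISTER_PATH:
                return "deny-registration"
            return "allow" if self._take_token(addr, now) else "rate-limited"
        # Everyone else: the blacklist only gates write requests.
        if method.upper() not in READ_METHODS and addr in self.blacklist:
            return "deny-blacklisted"
        return "allow"
```

In a real deployment `now` would come from a monotonic clock such as `time.monotonic()`, and the exit-node set would be refreshed from a published exit list.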

klausi’s picture

Priority: Normal » Major
killes@www.drop.org’s picture

@klausi: Do these people use Tor? If not, please create a separate issue.

We've been using http:bl in order to keep our servers sane, i.e. to block silly crawlers.

killes@www.drop.org’s picture

The whole discussion may become moot once the switch to a CDN is completed. This would make read access available to all requests, unless the CDN employs some blocking on its own.

AohRveTPV’s picture

> The whole discussion may become moot once the switch to a CDN is completed. This would make read access available to all requests, unless the CDN employs some blocking on its own.

Reliable anonymous access to drupal.org would be a major improvement over the present situation, but is not a solution for those who would like to log in and contribute through drupal.org.

If there were a hidden service as you suggested, user registrations could be disallowed via it, preventing the creation of anonymous spammer accounts. Someone could still post spam via the hidden service, but they will have created the account from an IP address that can be blocked without impacting other Tor users.

Under such a system, good Tor users would not have the protection of Tor for their initial registration, but it does not defeat the purpose of using Tor. Location privacy can still be had for all subsequent accesses. Identity can still be protected by performing the initial registration from a public place (e.g., an Internet cafe).

This is essentially the approach the Freenode IRC network has used for years. You cannot register an account via Tor, but once you have an account you can access Freenode via Tor.

killes@www.drop.org’s picture

Agreed. I'll discuss it with the DIWG.

AohRveTPV’s picture

> I think the proposal to run our own hidden service is still the best solution. If we can find some resources to implement that.

If the primary resource needed is money, maybe a price could be put on the feature and a fundraiser tried? It would be a direct way to determine whether there is enough interest for it to be worth drupal.org providing Tor access. I personally think there would be--I think a lot of people in the Tor community probably either use Drupal or recognize its importance on the web.

killes@www.drop.org’s picture

My primary concern is "will it do evil things to our infrastructure?". I am less concerned with spam, but more with general issues of stability.

The other concern is "do we have people who can do that and do they have the time to do that?".

Money could possibly help with the 2nd issue. But that will be a result of said discussion.

It will probably be a low-priority item, if we agree to do it.

skyredwang’s picture

> If I run a Chinese pro-democracy website, for instance, maybe Chinese intelligence looks to see who is connecting to Drupal.org and checking pages that would be related to that site, then targets that individual.

Tor is blocked in China.

But, I also ran into this problem sometimes, if I use crowd-sourced VPN or SSH tunnel. Situation much improved in the past few months, at least I feel.

AohRveTPV’s picture

> Tor is blocked in China.

Tor is indeed blocked (e.g., the Tor website and public Tor servers are blocked), but Tor is not defeated! It should still be possible to use Tor in China by using bridge relays and pluggable transports. Bridge relays are non-public entrance servers to the Tor network. Pluggable transports can be used to disguise Tor traffic as ordinary traffic like HTTPS or Skype. The obfs4 pluggable transport is known to work in China.

With respect to Drupal.org, the hypothetical "Chinese pro-democracy website" use case I gave may or may not be realistic, but I could imagine a similar use case in another country that was good at surveillance but not the best at blocking Tor.

jcamfield’s picture

Just offering a general +1 for finding a path to support users browsing using Tor.

killes@www.drop.org’s picture

We have now enabled the CDN and we've also switched off http:bl for now (the latter might change).

Currently, Tor users shouldn't get blocked.

AohRveTPV’s picture

Great!

Mixologic’s picture

Priority: Major » Normal
Status: Active » Needs work

Could somebody who uses Tor regularly test to verify that this is indeed working? I'm not even sure how you would prove that you were no longer blocked as it was intermittent in the first place.

AohRveTPV’s picture

It has been working splendidly. After comment #20, the greylist page stopped appearing, but occasionally the blacklist page would still appear: "x.x.x.x is banned". Lately I haven't seen either. If it does still occur, it is infrequent enough that practically it is not a problem. Thanks all.

Note for other Tor users: Add the following to your Tor configuration, otherwise your IP address will change while logged in, which breaks your Drupal.org session:
TrackHostExits .drupal.org

klausi’s picture

Status: Needs work » Fixed

Excellent, so I think we can close this.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.