Oddbean new post about | logout
 Based on my observations alone, using sorts of TOR / VPN / Proxy configs, it feels to me as though they're matching entry point to exit point using the time domain... spurting packets of data in timed bursts, so that an entity with a whole-view of the internet can match 'drum beats' at the entry point and exit point. 
 Yeah that was my thoughts exactly.  If they EXIT tor, then they’re subject to some kind of random thing related to the exit → website.  But if they stay inside Tor, somehow they can push traffic through.  The speedtest.net sometimes shows cloudflare, other times “CIA Triad LLC” which I’m guessing is their third party security contractor trying to do this analysis.

If you can prove something in a demo, I can pay for solid evidence of the technicals.  We can’t get their real data, but we can re-create it. 
 The question I ask myself is: Why does it take sometimes a minute or two to 'Prove that I'm a human' when I'm secure/private... but only a second or two when I'm not secure/private?!? The argument that spammers etc. use TOR exit points doesn't rly cut the mustard when the only 'proof of human' they require is to move the mouse a bit and check the same box in the same location. If it walks like a duck and quacks like a duck... 
 Yeah I agree with you.  But their argument is that the more private you are, the less info they can get to see you're unique.  It's unique visitors that enable them to stop DDoS

They clearly put your freedom 2nd 
 There are other ways to stop DDOS. My solution is to close the tab whenever I see Cloudflare.