https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm 18 July 2016 Cloudflare reCAPTCHA De-anonymizes Tor Users A sends: Cloudflare's insistence on solving reCAPTCHA puzzles when visitors are coming from Tor exit nodes to one of the 2 million web sites that Cloudflare 'protects' can be very instrumental for traffic analysis and de-anonymizing of Tor users. This is how: The only non-public prerequisite for the de-anonymizing entity is the ability to monitor traffic between ISPs and Tor entry nodes, and traffic entering Cloudflare servers (no decryption required in either case). There are, of course, no 2 million Cloudflare servers, probably there is no more than few hundred. Each click on one of the images in the puzzle generates a total of about 50 packets between Tor user's computer and the Cloudflare's server (about half are requests and half are real-time responses from the server.) All this happens in less than a second, so eventual jitter introduced in onion mixing is immaterial. The packet group has predictable sizes and patterns, so all the adversary has to do is note the easily detectable signature of the "image click" event, and correlate it with the same on the Cloudflare side. Again, no decryption required. There likely are many simultaneous users (thousands), but they do not solve puzzles at the same time, and they do not click on the puzzle image at the same time. Simple math shows that disambiguating is trivial. If there is some ambiguity left, Cloudflare can conveniently serve few more images to specific users (or even random users, as long as within the same few seconds different users get different amount of 'correct' images.) This obvious opportunity is not the proof, but NSA would have to be utterly incompetent not to be exploiting it. No one is that incompetent.