Edit: Please see discussion downthread.
I observe that Tor is still blocked and redirected. But I appreciate that ZF cares about this. When Tor-friendly people are notified of Tor-blocking behaviour in their hosting provider stack, I understand that it may take reasonable time to resolve. I will update OP as needed.
Last checked 2022-08-10 06:29 UTC: Still blocked/redirected.
(End of later edit. Original post follows.)
When I attempt to visit any page on zfnd-dot-org or its subdomains, I am redirected to the standards-violating URI
https://zfnd.org/.well-known/captcha/ (or the same path at a subdomain), with a message that offends my dignity:
Please complete the captcha below to prove you’re a human and proceed to the page you’re trying to reach.
I realize that I am a sort of a canary in the coal mine, because I use Tor all the time, for almost absolutely everything. However, I find it disheartening if I am the first Zcasher to notice this. Does anyone else here regularly surf the Web with Tor? Are there any Tor users at the Zcash Foundation? Has @nickm_tor visited zfnd-dot-org to communicate about Zcash Foundation grants to the Tor Project?
This abuse of the
/.well-known/ namespace violates RFC 5785.
This abuse of the path
/.well-known/captcha/ is not registered with IANA—and it could not be, because it grossly violates RFC 5785.
/.well-known/captcha/ redirect on various sites has annoyed me for a long time. But I never cared much about those sites—not as I care about Zcash.
A general message for site owners:
If you mistreat Tor users, then some of them will simply decide that you don’t need their readership, their paying business, their friendship, or otherwise the benefits of associating with them.
As a privacy activist, I actively, vocally boycott most sites that block Tor. I do not beg and plead for the block to be removed: Instead, I tell all of my friends that the site is an unconscionable and unethical supporter of mass-surveillance.
Blocking Tor is often an heuristic indicator that the site itself is probably loaded with trackers, and it wants to prevent you from protecting yourself against them. Boycotting sites that block Tor is like boycotting food producers that misuse pesticides: It is good for your own health.
What is causing this Tor block?
After some research, I traced what I believe to be the source of this Internet abuse:
I presume that this is the Tor-blocker somehow appearing at zfnd-dot-org. If not, someone please advise what other Tor-blocker is abusing the
Siteground’s blog comments are closed, and I will not even try to contact them. Why would I waste my time? Their position is clear from the blog comments on that page:
I do not advocate that they should fix this: I advocate that everyone else should boycott them until they go out of business. Reasons:
Their overly-hyped security theatre blocks Tor users from even reading ordinary webpages (!).
They demonstrate gross ignorance of, and abuse of Internet standards by polluting the RFC 5785
/.well-known/namespace with ridiculously nonconformant usages which are not, and never could be registered with IANA. Should you ever entrust your site’s security to anyone with such abysmal incompetence at technology?
They hate Tor users so much that they not only block Tor, but also redirect so that Tor users lose the URI of whatever page they clicked on. I ignore and actively boycott most sites that block Tor; but if a Tor-blocking site seems sufficiently valuable to me, I sometimes try different ways to view it. Siteground obstructs this with their redirect away from the page that I had wanted to see.
They hate Tor users so much that they repateadly, arrogantly dismiss polite requests to change their own misbehaviour.
Don’t ask them to fix it: Dump them, tell them why, and tell everyone else to avoid them like plague.
I am unCAPTCHAed!
CAPTCHAs are totally unnecessary for most read-only resources. Even for resources that are more susceptible to abuse, they are not the best option.
And it is always insulting and offensive to human dignity to demand that people “prove you’re a human”. Unacceptable! (No comment on the widespread allegation that I am actually a robot.)
I refuse to complete CAPTCHAs simply to read any site. If you value your limited lifetime and your human dignity, then so should you.
What should Zcash do?
Zcash’s mission is to promote privacy. I urge the Zcash Foundation please forthwith to dump and to boycott the perpetrators of this toxic, destructive, counterproductive, actively anti-Tor security theatre—and please to make sure in the future that Tor users can freely access your site.
Indeed, I respectfully suggest that ZF, ECC, the current Z.Cash site, and the Zcash Community site should set up onions—as Bitcoin Core (onion) has had since March of 2020, and as the old Z.Cash site used to have five years ago. (What happened to that?)