Recently we are seeing some "TOR Abuse" where users who have been banned register with TOR and use throw-away email addresses to register.
If this continues, I will take some time a write a Discourse plugin that blocks all user registration and posting from IP addresses from the TOR network (TOR endpoints).
If you have time, can you check or post on META to see if a similar plugin exists where we can use our GeoLocation capabilities in Discourse to check for TOR IP addresses and block?
If a similar plugin-in already exists, I can modify it and same some time; as I am not really "in the spirit" to have to take time off other projects, set up my Discourse dev environment (again) and write a plugin.
I'm outside my comfort zone on this and therefore I wouldn't normally attempt to answer, however, on quick search this guy says:
[Travis](https://meta.discourse.org/u/Vocino)[Vocino](https://meta.discourse.org/u/Vocino)
[Apr '17](https://meta.discourse.org/t/handling-trolls-with-multiple-accounts-over-vpns/49489/26)
It’s not a great solution but if you really have an issue, blocking access from TOR will usually make a significant dent in your troll traffic.
[https://www.torproject.org/projects/tordnsel.html.en ](https://www.torproject.org/projects/tordnsel.html.en)
and gives a link to a proposed method to block the Tor browser.
Reference this page: (search for post by Travis)
Separately, it looks like somebody has indeed had a go at a plugin for browser fingerprinting:
I take a robust approach to blocking disposable email addresses - after a bit of searching on the subject compiled a list of 3,700 domains to block. I use SSO so this is not managed within Discourse itself (not sure whether you could add this many records to the Discourse blacklist…).
Not entirely sure whether this is comprehensive or whether it includes ‘false positives’ - but in principle I am happy to try and prevent registrations from disposable email addresses.
We will more-than-likely add a forum rule in very near future informing that is against our community policy / rules for users to post to our community from the TOR network.
We have performed some DB analysis and only about 0.5% of new community users post from TOR, but out of this small percentage of TOR users, the users who repeatedly troll and break the rules are mostly people who hide behind TOR.
In fact, about 1/3 of all TOR users identified (so far) disrespect our community rules and guidelines and, at the same time, fight aggressively with our team member when our team attempts to enforce the rules.
We have little choice but to ban TOR users from the site.
In addition, we may also consider a similar policy toward registering with "throw-away" email address; because we see a similar correlation between aggressive TOR users and registrations with "throw-away" emails.
Privacy is a good thing; but when these same users hide behind anonymous networks and use "one-time" email addresses to abuse our moderation team while they disregard our community guidelines, privacy becomes weaponized.
Let's be a little objective about what is going on:
Why would anybody want to register, if not to collaborate, either by helping peers or by submitting an issue one cannot find a suitable solution to?
In such a situation why be willing to hide behind a tor proxy? ( except perhaps a genius hacker willing to help but only if he stays anonymous, but the truth is I have not seen one yet...)
Now because of trolls and almost virtual mailboxes, many sites refuse to accept disposable/anonymous mails, why should we accept?
The least if you want help is to be a little honest and not hide your identity, knowing that at your registration you can choose the name you want to display, and no one can see your email
It is interesting how those who break the rules and disrespect the community guidelines are often the exact same people who hide behind TOR and use throw-away email addresses.
For many people unfortunately, privacy is a weapon to use against others.
