Cloudflare also flags every Tor exit, which makes quite a bit of the web rather difficult to visit. I shouldn't need to fill in a captcha to load a gfycat animation.
That matches up with what they claim on their site:
CloudFlare does not actively block visitors who use the Tor network.
Due to the behavior of some individuals using the Tor network (spammers, distributors of malware, attackers, etc.), the IP addresses of Tor exit nodes generally earn a bad reputation. Our basic protection level issues captcha-based challenges to visitors whose IP address has a high threat score.
From personal experience: most activity you're likely to see from Tor exit nodes is fraudulent. Absolute bottom-of-the-barrel cesspool traffic trying to probe for vulnerabilities, commit fraud, scrape content, avoid IP blocks, and generally abuse your site in ways that the attacker wouldn't be comfortable doing with their own IP address. It's really tragic - given the potential of the network as a privacy tool - that it's mostly used for evil, not good.
> CloudFlare does not actively block visitors who use the Tor network...
...Yet all visitors who use the Tor network are blocked. There's a certain contradiction here. (Yes, I know what they mean, but the end result remains the same.)
It most likely is just automatically doing it to known Tor exit nodes. Spammers use Tor quite a bit for scraping and other bot activities. Companies like Cloudflare just take the easy route and throw all exit node IPs into the garbage bin under the assumption that legitimate Tor users are used to such treatment.
