2026-micallef-reportor-facilitating-user

ReporTor: Facilitating User Reporting of Issues Encountered in Naturalistic Web Browsing via Tor Browser

Nicholas Micallef, Cameron Cartier, Kevin Gallagher, Lucas Zagal, Sameer Patil · PoPETs 2026 · 2026

Team notes

Auto-ingested via corpus-crawl. Tags proposed by Claude Haiku 4.5; review and tighten before relying. Relevant to understanding user experience and real-world blocking/performance issues with Tor Browser in censored regions; informs design of circumvention tools.

Tags

censors: generic
techniques: measurement-platform
defenses: tor bridges
method: measurement-study

findings extracted from this paper

CAPTCHAs co-occurred with 'Resource Inaccessible' in 70% of CAPTCHA reports and appeared in 23% of all 'Resource Inaccessible' reports; overall 14% of the 119 reports involved one or both problems. Two CAPTCHA failure modes were identified: excessive repetitive CAPTCHAs and broken CAPTCHA servers that made the underlying website permanently inaccessible. The 'Unusual traffic detected from your computer' Google error appeared in 5% of all reports.

§6.1.2 evaluation ip-blocking generic
17% of ReporTor reports cited broken content; investigation found that several websites returned HTTP 403 errors through Tor Browser but loaded normally in Firefox, revealing deliberate differential treatment of Tor traffic masquerading as technical failure. Blocked resources included advertising platforms (e.g., t.co) and JavaScript files handling cookie-consent dialogs, and 8% of reports involved authentication failures where initial page load succeeded but subsequent auth steps were silently refused.

§6.1.3 evaluation ip-blocking generic
Two mechanistically distinct blocking categories account for Tor exit-node inaccessibility: explicit blocks (deliberate CDN/WAF configuration, e.g., Akamai Bot Manager renders AirBnB inaccessible over Tor) and dynamic blocks (abuse-detection systems that flag Tor exit-node IPs because pooled traffic from diverse users raises apparent abuse scores, triggering rate-limiting or blocking despite no explicit Tor policy). Cloudflare does not block Tor by default, but its aggressive IP scoring results in disproportionate blocking in practice.

§6.1.1 evaluation ip-blocking generic
'Resource Inaccessible' was the most frequently reported issue (61% of 119 submitted reports) during a month of naturalistic Tor Browser browsing, followed by CAPTCHAs (18%), Broken Content (17%), Other Issues (13%), and Timeouts (5%). These categories document the operational failure modes that degrade everyday Tor Browser usability beyond protocol-level censorship.

§6.1, Figure 3 evaluation ip-blockingmeasurement-platform generic
The privacy properties of Tor Browser structurally preclude automated telemetry collection, creating a persistent blind spot for diagnosing user experience failures at scale. ReporTor demonstrates that anonymous voluntary in-situ reporting — transmitted over the Tor network and stored in a password-protected onion-service database — can substitute for telemetry: 119 reports over one month from five expert users sufficed to reproduce approximately half of reported issues exactly and identify root causes for most of the remainder.

§1, §7.1 evaluation measurement-platform