Background sob story, you can safely skip to the next part

For the last few weeks I've been having a horrible time browsing Bitcointalk. It seemed like every other click would result in a random secure connection error, or a time out. I'm using a Tor Browser, which is otherwise excellent. Requesting a new Tor circuit usually helps for a few seconds. It got so bad that I would have to request a new circuit on e.g. the watchlist page, then open 10-20 threads in new tabs as quickly as I can so that I could read them. There was very little chance to get to the next page in a thread without getting a new circuit.
tl;dr: I'd like to know if anyone has experienced any Tor issues lately. For me the problem went away when I disabled Alt-Svc in Tor Browser. I wouldn't recommend messing around with Alt-Svc unless you know exactly what you're doing. I'm just curious if this was some unique-to-me clusterfuck or a more widespread issue.
What is Alt-Svc?

The Alt-Svc HTTP response header is used to advertise alternative services through which the same resource can be reached. An alternative service is defined by a protocol/host/port combination.
That doesn't tell us anything interesting. The best I can figure out is that this can be useful in some load-balancing scenarios. One nasty thing that needs to be noted about this is that the URL in the browser doesn't change so you would never know that your browser is connecting to a different site than the one shown in the address field.
Enter Cloudflare

I know we all love Cloudflare like we love our families, i.e. we don't have a choice. It's essentially Internet 3.0 and it sits between us and many of the sites we use, including Bitcointalk. It also tends to fiddle with things that it shouldn't, such as DNS and yes, the Alt-Svc header. Basically: if Cloudflare thinks that you're coming from Tor it will send an Alt-Svc header to your browser telling it to connect to a Cloudflare onion (<somerandomstring>.onion) site instead.
Onion sites are great in theory as they exist "inside" the Tor network so you can connect to them without using Tor exit nodes, thus avoiding some surveillance and attack vectors. However there seems to be something broken with the Cloudflare onion implementation or the way Tor Browser handles it or both, at least in my case. I can't think of anything wrong on my side though. It's a vanilla install of Tor Browser on an otherwise empty VM.
Solution

Unfortunately I don't know how to debug this issue or what the proper solution would be. Since I'm not concerned about exit nodes I simply disabled the Alt-Svc option in Tor Browser. It's a relatively new feature (I believe Cloudflare started doing it a couple of years ago but stable versions of Tor Browser had it initially disabled; not sure when the option was enabled) and I don't see any benefit for it when connecting to a known HTTPS site.
Anyone experiencing similar issues? With Tor Browser or without? Is it really onion-related or just some bizarre coincidence?
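
What the Alt-Svc mechanism described in the post looks like in a response header, as an added example that is not part of the original post: a small parser for the header value (RFC 7838 syntax) that reports alternatives pointing at a different host than the one shown in the address bar. The origin name `forum.example` and the onion name in the sample header are constructed placeholders.

```python
import re

# One alt-value: protocol-id="[host]:port" plus optional ;name=value parameters (RFC 7838)
_ALT_VALUE = re.compile(
    r'\s*([^=\s,;]+)="([^"]*)"'
    r'((?:\s*;\s*[^=\s,;]+=(?:"[^"]*"|[^,;\s]*))*)\s*(?:,|$)')
_PARAM = re.compile(r';\s*([^=\s,;]+)=(?:"([^"]*)"|([^,;\s]*))')


def parse_alt_svc(header_value):
    """Parse an Alt-Svc field value into a list of dicts; 'clear' yields []."""
    if header_value.strip().lower() == "clear":
        return []
    entries, pos = [], 0
    while pos < len(header_value):
        m = _ALT_VALUE.match(header_value, pos)
        if not m:
            raise ValueError(f"malformed Alt-Svc value at offset {pos}")
        proto, authority, params = m.groups()
        host, _, port = authority.rpartition(":")
        entry = {"protocol": proto, "host": host, "port": int(port), "params": {}}
        for name, quoted, bare in _PARAM.findall(params):
            entry["params"][name.lower()] = quoted or bare
        entries.append(entry)
        pos = m.end()
    return entries


def audit(origin_host, header_value):
    """Return alternatives that would move traffic to a host other than the origin."""
    origin = origin_host.lower().rstrip(".")
    findings = []
    for e in parse_alt_svc(header_value):
        # An empty host means "same host as the origin": only protocol/port change.
        alt_host = (e["host"] or origin).lower().rstrip(".")
        if alt_host != origin:
            findings.append({
                "protocol": e["protocol"], "host": alt_host, "port": e["port"],
                "onion": alt_host.endswith(".onion"),
                "max_age_s": int(e["params"].get("ma", 86400)),  # default: 24 hours
            })
    return findings


# Constructed sample header; the onion name is a placeholder, not a real address.
SAMPLE = 'h2="placeholderonionname.onion:443"; ma=86400; persist=1, h3=":443"; ma=3600'

if __name__ == "__main__":
    for finding in audit("forum.example", SAMPLE):
        print(finding)
```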