You wonder why we don't propose replacing all of DNS with Tor .onion addresses? After all, it's so easy to remember/verify that DuckDuckGo is https://3g2upl4pq6kufc4m.onion/
It is easier than ever to brute-force generate a readable Tor address. Even with my 2010 graphics card I generated superkuhbitj6tul.onion (for my superkuh.com and superkuh.bit (namecoin) domains) in about 30 minutes. With today's graphics cards you can go much further than that number of characters.
But yeah, there's still the trailing sequence and companies that don't understand how simple that is.
Even if you made this a one-click service, the trailing characters are going to be a killer. Companies care a lot about their brand. And it would require a total mindset change for people to verify that they are going to superkuhbitj6tul.onion and not superkuhbit6g4tfr4.onion by verifying the cert that was offered up by the destination site.
You mean superkuhbit6g4tf.onion. Although longer Tor based address hashes are coming soon for better security (https://blog.torproject.org/tors-fall-harvest-next-generatio...) so the trailing length of random chars will be even longer. Kind of mitigates my objection.
Still, Tor hidden services come with DoS/DDoS protection built in as well. Something Cloudflare and its centralized service doesn't like to acknowledge.
Cloudflare's business is providing DoS mitigation. Cloudflare blocks Tor users by default. Tor provides DoS protection for free. It's no citation but it's certainly reason to believe.
That's great news. I looked it up and it seems like it's almost been 2 years; not a very long time. I understand defaulting to reCAPTCHA is a compromise and no better option exists for Cloudflare, but you'll have to excuse me for not noticing the difference when I encounter "Your network is sending out automated queries" so often it's effectively a block.