I missed this! This is great news and frankly deserves a mention on CF's really nice company blog so that as many site owners as possible learn about the new granularity for Tor.

As a Tor relay operator and CF customer, I've been really split on the effects of CF's power. After all, blocking heuristics is just what I need.

Part of my job is maintaining a bunch of viral WordPress sites on a small budget. In addition to the crazy bandwidth and responsiveness a CF pro subscription buys you, the service really is a small biz secops dream machine. I can actually focus on writing when I just put sites behind CF.

Maybe it's Appelbaum's fate to be the Stallman of any tech with mass surveillance potential. That's not an insult and it's good to have immutable critics of centralized infrastructure. But it's certainly a bit tiresome sometimes.

The options presented by CF seem to hit a nice balance. Making blanket Tor blocking an enterprise-only feature is a nice touch. In the spirit of that, it'd maybe make sense to also make JS challenge the default for new Cloudflare domains?

Now, if there only was some magic beyond keyless ssl to get rid of the MiTM aspect...