There will be times you want to use a website but unfortunately they block Tor users from accessing it. Recently, a website I frequently used through Tor called CivitAI (which is kind of a large repository for AI Image generation models), elevated their cloudflare security level, which began blocking VPN and Tor users. They claimed this was temporary measure, but long after they announced to have lifted the restrictions, I still can’t access it through Tor like I used to. I’ve tried contacting them about the issue, but it seems apparent they don’t have intentions to allow Tor users again soon.
Seeing that a future where Tor is allowed again seems unlikely, but because of the sensitivity of the site’s content (CivitAI has a lot of NSFW stuff), I don’t feel safe utilizing that website outside of Tor Browser even if I’m only interested in SFW stuff, due to the potential fingerprint goldmine for data brokers this could be. I’d like to hear some opinions, whether if using a VPN + Mullvad Browser would lead to a negligible loss in privacy compared to Tor, if I should try convincing them to allow Tor users again, or if I should simply give up in AI images as a whole (since even websites like Huggingface, for as good as they may be, lack the vas amount and variety of content CivitAI has).
NOTE:
I just want peace of mind while using a website without feeling I am being tracked everywhere, which is why I like and prefer using Tor (despite it not being a silver bullet and having download speeds of 500KB/s to 1MB/s while downloading GBs of files) instead of simply using a VPN + Mullvad Browser.
If you’re really willing to go the extra mile, you could pay Mullvad with XMR and do VPN over Tor, using your anonymously paid-for VPN as an “exit node”.
You mean something like this? (Device → Tor → VPN → Website)
While that sounds like an interesting idea, I don’t have the means to perform anonymous payments in the near future due to circumstances, so the closest I could achieve to Mullvad paid anonymously would be ProtonVPN with the free tier, which only has 5 servers available which may potentially be blocked by cloudflare already due to abuse.
I also have a few concerns with this idea, since I’m still unsure how much of a compromise (regarding fingerprinting) would it be using Mullvad Browser + VPN compared to Tor. I’m also not very experienced with setting up said method (Device → Tor → VPN → Site), but I hope it’s not too difficult, should I go through that path.
Please note that this configuration is explicitly not recommended in the Tor Overview on the Privacy Guides Knowledge Base:
We very strongly discourage combining Tor with a VPN in any other manner. Do not configure your connection in a way which resembles any of the following:
You → Tor → VPN → Internet
You → VPN → Tor → VPN → Internet
Any other configuration
Some VPN providers and other publications will occasionally recommend these bad configurations to evade Tor bans (exit nodes being blocked by websites) in some places. Normally, Tor frequently changes your circuit path through the network. When you choose a permanent destination VPN (connecting to a VPN server after Tor), you’re eliminating this advantage and drastically harming your anonymity.
I am aware. My description of said configuration was mainly trying to confirm what the first reply suggested, as well as presenting my concerns regarding it.
One thing I’m still concerned about is browser fingerprinting, which is why I’m still not comfortable enough with using the site with Mullvad Browser. However, I have an idea that could perhaps work, but I’m not sure on some of the details.
The site appears to offer logged in users an API key, and since you need an account to download most of it’s models to begin with, perhaps I could use an open source locally hosted application which supports using said API key to download the CivitAI models. Wouldn’t this mean I won’t have to deal with being browser fingerprinted, as I’m not accessing the website itself. I don’t know if this is how it really works and could be completely wrong however, which is why I’m asking if this is a good or bad idea.
I haven’t tested this myself, but the site claimed blocking VPN users was unintended and should no longer be blocked now, although I haven’t tested it myself (and Tor remains blocked).
Before, the site used to allow VPN and Tor users before an issue with the site or cloudflare (since that’s what does the blocking).