You’re being lied to. Tor is 2 hops, not 3 – Simplified Privacy

1 Like

Wait a minute. This guy thinks that because the person operating the exit relay uses Cloudflare as a reverse proxy that is equivalent to Cloudflare operating the relay?

How come when I search for Cloudflare’s ASN on Tor Metrics nothing comes up?


This article doesn’t provide any links to external, reputable sources like the Tor Project, so readers have to believe the word and methods of the author.

Also, when I see the domain on which this article is hosted, I can’t help but think about this recent comment in a different thread: Mullvad Using Gmail - #21 by dngray

From what I’ve seen that Simplified Privacy spams a lot, in fact I’ve deleted a few of their posts on our lemmy sub because they were prolific with the blogspam posts.

Not related to the article's contents, but huge red flags I noticed about simplifiedprivacy

Products – Simplified Privacy

Linux Tech Support Info – Simplified Privacy

If you try to get support on your own via public forums, you will likely have to do a lot of work on your own with the solutions they will give you. Since they’ll just give you a one sentence answer that could take you days or weeks to implement, while as we’ll walk you through each step of the way. Also, these random forum participants often don’t even know the correct way to solve your issues.


The article is simply just factually wrong.

Cloudflare runs onion services for every site they host, to tell apart Tor circuits (as in by the unique id chosen by the client, not by some unintended means).

Connecting a clearnet site looks like this:

You → Guard Relay → Relay → Exit Node → Website

On the other hand, an onion service is different:

You → Guard Relay → Relay → Rendezvous Relay → Relay (optional) → Guard Relay (optional) → Hidden Service

The optional nodes can be disabled, and in this case the Hidden Service is ran by Cloudflare. So the final chain you end up with is

You → Guard Relay → Relay → Rendezvous Relay → Cloudflare

I’m pretty sure in my math skills, and no matter how I count, that’s three.

And this operation is not exactly a secret either, Cloudflare even has a blogpost about it that apparently the writers of that blog post didn’t bother to read: Introducing the Cloudflare Onion Service

If I were you, I’d discontinue believing anything from that site.


Exactly :slight_smile:

Just as the side note, have a look at this screen capture I took just 2 minutes ago:

It wasnt me who added it to list of blocked sites.

It seems that we are not being lied to by Tor (or whoever author think we are being lied to by); we are being lied to by PrivacySimplified :slight_smile:

That website is terrible. Everyday a new low-quality article with a lot of mistakes and inaccuracies.


Just to add something here: (almost) everyday we are being served with new lie.

1 Like

I’m interested in knowing why the exit node the author used had a Cloudflare IP address, despite Cloudflare not running any relays on that IP space as @deadorbit pointed out above.

My suspicion is that this is a misconfiguration on’s end, because I get the same result as the author while visiting via an exit node hosted by Hetzner, not Cloudflare: uses Cloudflare themselves, so the most likely scenario is that their webservers aren’t configured to handle incoming IPv6 traffic from Cloudflare correctly and erroneously report the address of their CDN as your IP, rather than your actual IP.

Perhaps the author should use a better tool to determine the real IP of their exit node, or look at the IP shown by Tor Browser itself as highlighted above lol


The IP space is owned by Cloudflare, but not routed on the public internet: Prefix not found - They use it as the “original ip” for Tor connections received over the onion service.

It is not a misconfiguration on speedtest’s end, it is simply just Cloudflare lying about it, because the alternative would be worse.

I asked in the Cloudflare developers Discord and their best guess was something to do with this: Onion Routing and Tor support · Cloudflare Network settings docs

Specifically this part:

Tor Browser users receive an alt-svc header as part of the response to the first request to your website. The browser then creates a Tor Circuit to access this website using the .onion TLD service provided by this header.

You should note that the visible domain in the UI remains unchanged, as the host header and the SNI are preserved. However, the underlying connection changes to be routed through Tor, as the UI denotes on the left of the address bar with a Tor Circuit. Cloudflare does not provide a certificate for the .onion domain provided as part of alt-svc flow, which therefore cannot be accessed via HTTPS.

1 Like

Either way the whole reason it shows up at all is because of Cloudflare being used by Speedtest, not because of Cloudflare being used by the exit node (and not because of Cloudflare hosting the exit node themselves), so the blog post is incorrect.

Well when you connect to Speedtest via IPv4 it shows the exit node’s IPv4 address (as one would reasonably expect). I can’t find any documentation which indicates Cloudflare is lying about CF-Connecting-IP data for Tor connections.

Not sure how you tested that, however on your screenshot you can notice your third node is not an exit node, but the rendezvous relay, as you’re using a tor circuit: Relay Search: konfuzius (

Putting the rendezvous node IP in the original IP header would be completely useless, and potentially trip DDoS prevention on the origin server. Therefore, instead of that, Cloudflare uses their reserved but unrouted IP range, and adds the circuit identifier at the bottom couple bits, to prevent this from happening.

This means that the origin server is able to receive an identifier that somehow correlates to the visitor, is not shared by other visitors at the time, and fits into whatever IP parsing happens on their side.

This behavior is indeed not documented, but works somewhat similar to Pseudo IPv4: Pseudo IPv4 · Cloudflare Network settings docs


This article is totally fake.

I will just leave this here:

Yup, and I think from now on we will flag all posts they make, because they are simply a poor quality front to sell consulting services.

There is no reason to send any kind of click through to this crappy website or it’s articles.

It’s also rather obvious by the sheer quantity of shitty articles they churn out “in the name of privacy” the intention is to game SEO.