To begin with, the Tor group wants evidence. It's asking CloudFlare how it got to that 94 percent figure, and doesn't explain how its internet address reputation system (which gauges the trustworthiness of a given connection) works. The project also doesn't buy CloudFlare's argument that it's being relatively gentle. Many Tor users get stuck in CAPTCHA loops or failures, and it's very difficult to get off of the naughty list once you're on it. If CloudFlare decides that a Tor connection's internet address is shady, it frequently doesn't lift this effective ban -- many honest people are locked out, and it creates lots of false positives that give the Tor service a bad name.

At last check, the Tor project was waiting on answers before things went any further. However, CloudFlare has already said that a compromise is possible, such as a stricter cryptographic hashing algorithm (which would help CloudFlare whitelist Tor traffic) and asking users to perform a proof-of-work test to prove that they're humans. The two outfits don't have to be at odds, in other words -- it may just be a case of finding common ground.