So, a question about the TOR browser

Earlier today I downloaded something from rapidgator using Firefox.

When you download something for free from rapidgator, you have to wait at least two hours before the next download.

Thirty-five minutes later, I tried to download something else from rapidgator using the TOR browser this time.

And rapidgator said I had to wait at least two hours between downloads.

I thought TOR hid my IP address. How did rapidgator know I didn’t wait the required two hours between downloads?

Probably a cookie? Certainly, IP address by itself is not very meaningful for user fingerprinting, since it’s too easy to spoof and also too easy to get a false positive.

The first possibility that comes to mind is that someone else had downloaded a file from them less than two hours ago, using the same endpoint. Rapidgator is not an unpopular site, especially among the type of people who would use Tor.

In case you don’t know, the way Tor works is that you send your request to another computer on the Tor network, which then sends that request to another computer, and so on, until it finally gets sent to a computer which will actually access the site. There’s always some IP address that actually has to try and download the file.

A second possibility is that whatever they use to check isn’t compatible with the way Tor handles things–whether intentionally or unintentionally. They don’t want users to be able to get around their download restrictions. It’s possible that you always get that message if you use Tor, as a way of saying “stop trying to get around the wait.”

Finally, it could be Tor itself that is set up not to allow it, since the service has rather low bandwidth, and they don’t want you using it up.

But I’d most likely suspect option 1. Someone else has used Tor for Rapidgator, and happened to be routed to that same endpoint.

Your download site can tell that you are using the Tor browser, so maybe they block all activity from Tor. Did you try after 2 hours using Tor, and did it work?

I hadn’t thought of that, gnoitall. I’ll test out that idea tomorrow. Thanks.

<< removed by poster >>

I did, TroutMan. Once the two hours were up, everything worked just fine again.

Interesting ideas, BigT.Thank you.

If TOR gave a website access to cookies created by another browser, that would be a serious bug. It doesn’t do that.

Tor runs its own copy of a browser? Not cookies, then.

Maybe other system fingerprinting techniques not involving IP. Maybe an assumption that anyone connecting through Tor is trying to circumvent the timer.

Maybe something unmentioned, like OP was logged into the website using the same credentials both times.

When you use TOR you’re sharing an exit node (IP address) with thousands of users. One of them tripped RapidGator’s rate limit, and everyone on the exit node got punished with a 2-hour wait. You could work around it by disconnecting TOR and reconnecting, which would give you a new exit node that wouldn’t be affected by that event (but possibly by a different person doing the same thing).

So the 2-hour wait is nothing to do with you, the website doesn’t know anything about your IP. You’re just sharing an IP address with other people, meaning that you’re affected by any IP-based traffic regulation that they happen to activate.

Typically. There used to be a firefox plugin that could turn TOR on and off within the regular browser, but I think that it certainly eliminated access to cookies and also they don’t do that anymore because it was too buggy.

Moderating

IANAL, but it seems to me that this falls under theft of services, which is illegal. This thread is therefore closed.

If someone has more knowledge of the legalities involved, feel free to send me a PM.