Why are airline websites blocking access through Tor?
I tried opening the home pages of a few airline websites through the Tor browser and instead of the home page all I see is a low-key page with "Access Denied".
Why would airlines want to prevent access / ticket purchasing through Tor?
Best Answer
This doesn't happen with all airlines, obviously. I tried to visit several airlines with Tor and found I could not access Lufthansa or Air Canada, but I could access British Airways, American Airlines, Air India, Emirates and Etihad.
In the two cases, I saw the following error:
Access Denied
You don't have permission to access "http://www.aircanada.com/" on this server.
Reference #18.acbc3b17.1577480243.f2b7aef9
This error comes from the Akamai CDN, which blocks all Tor exit nodes. Any web site that uses Akamai to serve its content will also, as a side effect, block Tor access. This is not necessarily a decision that those airlines have taken explicitly, but Akamai does offer its customers the option of blocking Tor exits, so they may have chosen to do so, either explicitly or by default. The airline could turn this off, but good luck getting through to the person (or people) who can actually do it or order it done.
Pictures about "Why are airline websites blocking access through Tor?"
Deny all internet access but allow selected websites
More answers regarding why are airline websites blocking access through Tor?
Answer 2
In my experience, it's not just Tor; I have found that many companies either block or restrict access via VPN networks. Sometimes the restriction is subtle (e.g., Hilton often reports a login error if I am access it it via a VPN, American Airlines often just spins and never loads when I am on a VPN). I assume they believe that VPN users are more likely to be conducting attacks attempting to gain access to users' accounts to fraudulently redeem points/miles, gain access to the site itself, or some other malicious activity.
Answer 3
Tor is blocked by airlines most probably not due to "security" concerns, but rather because airline websites are notorious for using all manner of browser traffic/history sniffing to alter the price for different customers to maximize the ticket price.
To test this out, visit a few airline websites in Private Mode versus Normal Mode in your browser. Its not unusual to see some price differences for the same flights between the two. The airline companies are highly vested in tech that tries to detect when you are price insensitive for flights (like regular trips back home to visit families) and will raise the price accordingly.
Since Tor effectively stops that kind of browser tracking right at the root, it is simply in the airlines best interest to shut down at the root as soon as Tor is detected. Everyone would be writing their airline price crawlers under Tor if such a trick was possible.
In opposition to the assertion regarding the airlines doing it for credit card fraud, I would be suspicious of this simply given that the fact that a lot of other large sites still allow card purchases under Tor browsers.
Sources: Stack Exchange - This article follows the attribution requirements of Stack Exchange and is licensed under CC BY-SA 3.0.
Images: Lisa, Tranmautritam, Christina Morillo, Julia Volk