Healthcare.gov has turned out to be quite a fiasco. During the first days of operation I tried to access the site and always received a 403 (unauthorized access) error. I assumed this error was being kicked out because of the site’s general instability. As it turns out, my Internet Protocol (IP) address has been added to Healthcare.gov’s list of banned IP addresses. The reason for this was made apparent on the tor-talk mailing list:
I’ve been running a Tor Relay (not an exit node) from my home for quite a while now, and up to this point have not encountered any issues accessing any sites. However, today I attempted to access https://www.healthcare.gov, and received a HTTP 403 response and a pretty standard 403 message. To test my hypothesis, I also tried accessing the site via the Tor network — and received the same message. In the meanwhile, a friend who does not operate a Tor relay was able to access the site. Could anyone else with a public relay confirm this issue — and if confirmed, would someone from the Tor Project be kind enough to contact the appropriate parties and explain why blocking Tor relays is a silly thing? I’d do it myself… but alas, I cannot reach the site to see who the appropriate parties would be 🙂
In February I setup a Tor relay on a Raspberry Pi, which has been running continuously ever since. The operators of Healthcare.gov have decided to ban any IP address operating a Tor relay, whether it is an exit or non-exit relay, from accessing the site.
It’s not uncommon for websites to block IP addresses operating Tor exit relay. Malicious individuals wanting to attack a site anonymously can and have used the Tor network. But I’m unaware of any website that has blocked IP addresses operating non-exit relays. There’s no reason for doing so since anonymized Tor traffic never exits from a non-exit relay. The only function non-exit relays have is to forward traffic from one node in the Tor network to another node.
The Affordable Care Act (ACA), and by extension Healthcare.gov, are as much political messages as they are laws. By blocking every IP address that is operating a Tor relay the message is effectively this: defenders of Internet freedom need not apply for health insurance. In all likelihood this decision, like most of the decisions revolving around Healthcare.gov, is the result of incompetence, not outright malice. But I also believe this problem is unlikely to be addressed since the current government (from Congress to the presidency to the appointed bureaucrats) has demonstrated an opposition to Internet anonymity.