Eh, I really doubt that it's designed to punish people who aren't tracking. Tracking makes users much more valuable, but the average legitimate user who isn't being tracked is still probably net positive value, so it wouldn't make sense to just block them outright.
I think the problem is that a very high percentage of malicious behavior online comes from Tor, certain IP ranges, VPNs, scrapers that don't run Javascript, etc, etc. You can't get rid of all of those malicious actors, but you can probably block the vast majority of them by taking the actions you're complaining about here, and I suspect that it doesn't actually cost you that much. You get some cranky nerds and some legit users who are using Tor and VPNs who won't be able to use your site, but they're a tiny minority.
Cranky nerd here. I've tried to use Tor to access websites for legitimate purposes and found much of the web has become unusable recently.
But perhaps you need a motivating example, since you don't think there's any value in supporting Tor! I'll give you some.
- Security researcher wishes to contact an organization about a security hole in their site or product, but doesn't know if they'll be sued, so they want to protect their identity. (source: this is me; have met other people doing this)
- Pedophile (who doesn't want to be one) seeking therapy options that don't involve a high risk of being incarcerated or killed. (source: read an article about this)
- Teenager in a repressive environment trying to access LGBTQ resources; parents have a netfilter on, or maybe have snoopware on the router. (source: several acquaintances)
- Chinese citizen trying to find a different view of history (source: pretty freaking common, although Great Firewall makes it tricky)
These are people who don't have other, good options. And you'll need to be able to withstand the sizeable quantities of malicious traffic that don't come through Tor, so it's not like you really win anything. It's worth not blocking Tor.
But perhaps you need a motivating example, since you don't think there's any value in supporting Tor!
I never said that.
I do think that the onus is on you to explain to whatever company you're railing against here why its in their best interest to welcome Tor traffic, particularly if it will make them more vulnerable. And sorry, to me you're not doing a good job of making that case. These examples seem like edge cases for the vast majority of websites. If I was blocking Tor (I'm not), I wouldn't reconsider my position from these scenarios. The cost is simply too high for too little benefit to too few people, probably none of which are my target audience.
And just to be clear, I truly understand the value of Tor and similar projects, and I hope we get more of them and they're more widely supported. But they come with real downsides too, so it's not surprising to me that many businesses and governments aren't going to out of their way to support them. That's the price you pay.
You need to provide fiscal value or convince the operations team of legitimate companies to not treat Tor as a bad apple. It may not be right but money is the only motivating example that matters to companies.
I think the problem is that a very high percentage of malicious behavior online comes from Tor, certain IP ranges, VPNs, scrapers that don't run Javascript, etc, etc. You can't get rid of all of those malicious actors, but you can probably block the vast majority of them by taking the actions you're complaining about here, and I suspect that it doesn't actually cost you that much. You get some cranky nerds and some legit users who are using Tor and VPNs who won't be able to use your site, but they're a tiny minority.