[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 19:28:39 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Comment (by toruser2016):
I am not affiliated with Tor itself, I am just a normal web user, who
occasionally uses tor, and I am also a cloudflare user in the sense that I
am a user / visitor of sites "protected" by cloudflare. I find the status
quo frustrating and disappointing. I can't understand why CF have so much
trouble with implementing working captchas.
==Overview==
1. It is widely accepted that there is a problem here.
2. Cloudflare have been trying for months if not years to solve it.
3. So far CF's attempts to solve this problem have been a failure.
Why is it so hard for Cloudflare to solve this??
There are two tracks here, better not to confuse them.
The first track is the "intended" status quo, which involves giving up
Captchas now and then to tor users, to force them to identify as human
before they can browse a page. It is supposed to work but it doesn't.
Apparently changes were made recently, but people still report the endless
captcha cycle, unsolvable captchas, it doesn't work on the android tor
browser Orfox etc etc. Personally, I think if this actually worked as
intended (captchas were actually solvable etc), I would be a lot happier.
I don't mind solving captchas every so often, I had to solve one to
register for trac.torproject.org!.
The second track is more complex solutions to the general problem of
identifying good actors and bad actors, zero knowledge proofs and all the
rest of it. These are complex solutions to hard problems and I think
these discussions should come later. If CF are not willing or able to
solve the simple "serve up a captcha that works" problem, there is no hope
for them to implement a hard solution to this. Forget the second track
for now.
So my question is to Cloudflare, their CTO was on here earlier. Why
exactly are you not able to just implement a Captcha system that works??
Seriously, is it that hard? As far as I know, you have recently moved
over to serving up Google captchas, but it still doesn't work? Is CF's
CTO really OK and comfortable with the fact that his team couldn't
implement this after apparently trying for a few years? Seriously!!
Captcha's as a concept have been around for a pretty long time now.
== Never attribute to malice that which is adequately explained by
stupidity ==
Personally I don't believe CF are deliberately making the internet hard to
use through Tor due to some nefarious conspiracy with the lizard men, but
we should accept that the status quo suits the NSA very nicely. It was
made clear in the Snowden leaks that GCHQ, the NSA etc would like people
to stop using Tor, so I am sure they are very happy to see CF make general
web browsing difficult and frustrating for ordinary users. The longer the
situation persists, the less adequate "stupidity" is as a reason for
Cloudflare's inability to solve this. It's time for CF to step up and fix
their captchas, which they have claimed they will do on a number of
occasions in recent months.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:66>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list