[tbb-bugs] #24321 [Applications/Tor Browser]: Include Cloudflare's Official "Privacy Pass" addon to end Cloudflare captcha madness!
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 31 05:24:58 UTC 2017
#24321: Include Cloudflare's Official "Privacy Pass" addon to end Cloudflare
Reporter: cypherpunks | Owner: tbb-team
Type: task | Status: assigned
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #18361 | Points:
Reviewer: | Sponsor:
Comment (by nullius):
Replying to [comment:27 cypherpunks]:
> Copied from add-on's review. This Mr/Mrs. Alexander didn't understand
how Cloudflare works.
> [...well said...]
>> Makes using TOR bearable again!
>> Occasionally I use TOR for a few hours while browsing to to get a feel
>> for how it feels like to browse the web when you're not connected using
>> a (mostly) stable and (mostly) AAA broadband connection.
>> Until this extension arrieved: Terrible!
>> It'd just be CAPTCHA after CAPTCHA, after CAPTCHA… One really doesn't
>> realize how mighty CloudFlare is until one spends some time using TOR
The ironic part is, '''a CAPTCHA is an denial-of-service''' on two
different levels: It denies service to connections which for any reason,
including conscious choice, do not abjectly submit and jump through
CAPTCHA hoops; and '''it denies wetware service, stealing away time from
the life of a human being.''' By distributing its DOS across a claimed
six million different websites, '''Cloudflare is an anti-human DDoS.'''
“CAPTCHA madness” long ago reached the point that I question whether
anybody who fills out CAPTCHAs on demand be actually human. Who
robotically obeys arbitrary orders to complete tedious tasks which would
numb the mind of any human? Why, a robot!
Myself, I stopped Cloudflare’s DDoS against my limited lifetime by
installing this extension in my Tor Browser:
Now, I don’t see any more Cloudflare CAPTCHAs. None! Never! Problem
When will people grow some spine, and learn to “vote with their feet” (or
I also ban Gmail correspondence from my personal life. E-mailing me is a
privilege, not a right; and even with PGP, Google gets all the metadata
(date/time, social graph...).
Likewise, I don’t want a man-in-the-middle decrypting my TLS connections
throughout some obscene proportion of my web sessions. A site uses
Cloudflare? With very few, very limited exceptions, my answer is: Bye!
Privacy is important; and if the Tor Project desires to promote privacy,
then they should encourage Cloudflare to throw as many CAPTCHAs as
possible until Cloudflare destroys their customers’ traffic stats and user
In my opinion, Cloudflare’s policy should be: CAPTCHAs for everybody!
CAPTCHAs, day and night! CAPTCHAs for Tor, and non-Tor, too—minute-long
CAPTCHAs, hour-long CAPTCHAs, CAPTCHAs sixscore times per day.
Eventually, people would realize that when Cloudflare demands that you
drive a “self-driving” car AI for Google, the only way to win is not to
play. Only the sanity of those who refuse “CAPTCHA madness” can stop
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24321#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs