[tbb-bugs] #24321 [Applications/Tor Browser]: Include Cloudflare's Official "Privacy Pass" addon to end Cloudflare captcha madness!

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Dec 31 05:24:58 UTC 2017

#24321: Include Cloudflare's Official "Privacy Pass" addon to end Cloudflare
captcha madness!
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  task                      |         Status:  assigned
 Priority:  Low                       |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:  #18361                    |         Points:
 Reviewer:                            |        Sponsor:

Comment (by nullius):

 Replying to [comment:27 cypherpunks]:
 > Copied from add-on's review. This Mr/Mrs. Alexander didn't understand
 how Cloudflare works.
 > [...well said...]
 >> Makes using TOR bearable again!
 >> Occasionally I use TOR for a few hours while browsing to to get a feel
 >> for how it feels like to browse the web when you're not connected using
 >> a (mostly) stable and (mostly) AAA broadband connection.
 >> Until this extension arrieved: Terrible!
 >> It'd just be CAPTCHA after CAPTCHA, after CAPTCHA… One really doesn't
 >> realize how mighty CloudFlare is until one spends some time using TOR

 The ironic part is, '''a CAPTCHA is an denial-of-service''' on two
 different levels:  It denies service to connections which for any reason,
 including conscious choice, do not abjectly submit and jump through
 CAPTCHA hoops; and '''it denies wetware service, stealing away time from
 the life of a human being.'''  By distributing its DOS across a claimed
 six million different websites, '''Cloudflare is an anti-human DDoS.'''

 “CAPTCHA madness” long ago reached the point that I question whether
 anybody who fills out CAPTCHAs on demand be actually human.  Who
 robotically obeys arbitrary orders to complete tedious tasks which would
 numb the mind of any human?  Why, a robot!

 Myself, I stopped Cloudflare’s DDoS against my limited lifetime by
 installing this extension in my Tor Browser:



 Now, I don’t see any more Cloudflare CAPTCHAs.  None!  Never!  Problem

 When will people grow some spine, and learn to “vote with their feet” (or
 their clicks)?

 I also ban Gmail correspondence from my personal life.  E-mailing me is a
 privilege, not a right; and even with PGP, Google gets all the metadata
 (date/time, social graph...).

 Likewise, I don’t want a man-in-the-middle decrypting my TLS connections
 throughout some obscene proportion of my web sessions.  A site uses
 Cloudflare?  With very few, very limited exceptions, my answer is:  Bye!

 Privacy is important; and if the Tor Project desires to promote privacy,
 then they should encourage Cloudflare to throw as many CAPTCHAs as
 possible until Cloudflare destroys their customers’ traffic stats and user

 In my opinion, Cloudflare’s policy should be:  CAPTCHAs for everybody!
 CAPTCHAs, day and night!  CAPTCHAs for Tor, and non-Tor, too—minute-long
 CAPTCHAs, hour-long CAPTCHAs, CAPTCHAs sixscore times per day.
 Eventually, people would realize that when Cloudflare demands that you
 drive a “self-driving” car AI for Google, the only way to win is not to
 play.  Only the sanity of those who refuse “CAPTCHA madness” can stop
 CAPTCHA madness.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24321#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list