[tor-bugs] #10809 [BridgeDB]: reCAPTCHA on bridges.torproject.org are impossible to solve for humans
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 10 14:46:35 UTC 2014
#10809: reCAPTCHA on bridges.torproject.org are impossible to solve for humans
--------------------------+----------------------
Reporter: lunar | Owner: isis
Type: defect | Status: accepted
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------+----------------------
Comment (by massar):
[..]
> Before I go any farther, there are the following open questions about
doing local captcha generation:
> 1. Can this run on a headless server?
Likely yes (in the extreme case just run a X server inside VNC or so);
likely the biggest problem is the amount of random that is available to
the system, hence a hardware rng should be present on the box.
> 2. This is highly resource intensive, on my laptop it took ~8 minutes
to generate 2,000 captchas. Can BridgeDB handle this? Should we run it
elsewhere and sync them to BridgeDB?
If would suggest having one or more machines supply a bunch of captchas in
bulk to BridgeDB. Do we have an idea of how many queries are being made at
the moment? It should then be easy to provide a daily bunch of captchas to
the host.
> 3. Is this something we want?
I would say, yes IMHO, as the current captchas are unreadable. Also they
depend on an external rather untrustworthy entity (IMHO); though they are
unable to see the source of the queries, they can at least see that
queries are being made, how many there are etc and possibly correlate them
with other events that they have their eyes on (eg if people are silly and
use their public DNS system...).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10809#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list