[tor-bugs] #10809 [BridgeDB]: reCAPTCHA on bridges.torproject.org are impossible to solve for humans

[Tor Bug Tracker & Wiki]

#10809: reCAPTCHA on bridges.torproject.org are impossible to solve for humans
--------------------------+----------------------
     Reporter:  lunar     |      Owner:  isis
         Type:  defect    |     Status:  accepted
     Priority:  normal    |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+----------------------

Comment (by massar):

 [..]
 > Before I go any farther, there are the following open questions about
 doing local captcha generation:
 >   1. Can this run on a headless server?

 Likely yes (in the extreme case just run a X server inside VNC or so);
 likely the biggest problem is the amount of random that is available to
 the system, hence a hardware rng should be present on the box.

 >   2. This is highly resource intensive, on my laptop it took ~8 minutes
 to generate 2,000 captchas. Can BridgeDB handle this? Should we run it
 elsewhere and sync them to BridgeDB?

 If would suggest having one or more machines supply a bunch of captchas in
 bulk to BridgeDB. Do we have an idea of how many queries are being made at
 the moment? It should then be easy to provide a daily bunch of captchas to
 the host.

 >   3. Is this something we want?

 I would say, yes IMHO, as the current captchas are unreadable. Also they
 depend on an external rather untrustworthy entity (IMHO); though they are
 unable to see the source of the queries, they can at least see that
 queries are being made, how many there are etc and possibly correlate them
 with other events that they have their eyes on (eg if people are silly and
 use their public DNS system...).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10809#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online