[tor-bugs] #33010 [Metrics/Exit Scanner]: Monitor cloudflare captcha rate: do a periodic onionperf-like query to a cloudflare-hosted static site

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 22 03:23:32 UTC 2020


#33010: Monitor cloudflare captcha rate: do a periodic onionperf-like query to a
cloudflare-hosted static site
----------------------------------+------------------------------
 Reporter:  arma                  |          Owner:  metrics-team
     Type:  task                  |         Status:  new
 Priority:  Medium                |      Milestone:
Component:  Metrics/Exit Scanner  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  network-health        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+------------------------------

Comment (by cypherpunks):

 There is also case where only subresource requests trigger captcha, but is
 not displayed to user. This make sites break and no way for resolve
 because user cannot see captcha!

 Example site https://kiwiirc.com/nextclient/

 Open network panel in dev tools and visit link. You will see that
 javascript resources are 403 forbidden and require captcha, but this not
 displayed to user. If you open 403 urls in url bar, is working without
 problem. Difference is Accept header.

 Only one thing worse than reCRAPtcha is invisible reCRAPtcha. At least
 visible captcha I can solve and access site. Invisible captcha is just
 access denied without telling you.

 What is point of captcha if cannot be seen, cloudflare?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33010#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list