[tor-bugs] #24607 [Circumvention/BridgeDB]: CAPTCHAs on BridgeDB seem to be getting more difficult

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 27 23:44:38 UTC 2020 

#24607: CAPTCHAs on BridgeDB seem to be getting more difficult
-------------------------------------------------+-------------------------
 Reporter:  alison                               |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/BridgeDB               |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  anti-censorship-roadmap-november,    |  Actual Points:
  s30-o22a2                                      |
Parent ID:  #31279                               |         Points:  5
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30-must
-------------------------------------------------+-------------------------
Changes (by phw):

 * cc: cohosh (added)


Comment:

 Cecylia had a chat with isis, who helpfully pointed out that BridgeDB
 serves a static set of pre-compiled CAPTCHAs. This set currently contains
 10,000 CAPTCHAs, which were last updated in February 2014. (On an
 unrelated note, there's a good chance that the GFW isn't in fact using a
 classifier to break our CAPTCHAs (see #32117) – it may have just solved
 these CAPTCHAs and then continued to recycle them.)

 The tool [https://github.com/isislovecruft/gimp-captcha gimp-captcha] was
 last used to generate CAPTCHAs for BridgeDB. I made the code work on
 Debian buster and GIMP 2.10, and then experimented with making the
 CAPTCHAs easier to solve. In particular, I did the following:
 * Increase the spacing between letters.
 * Reduce the maximum angle tilt of letters.
 * Made the letters darker.

 Here are three examples:
 [[Image(AeuJxyNG.jpg)]]
 [[Image(N9f7J4js.jpg)]]
 [[Image(NZP9gfAJ.jpg)]]

 And here are two CAPTCHAs as they are currently used by BridgeDB:

 [[Image(Screenshot from 2017-12-12 17-41-53.png​)]]
 [[Image(Screenshot from 2017-12-12 17-41-23.png)]]

 In the long term, we should be moving away from CAPTCHAs but in the short
 term we can re-generate a new set that's easier for users to solve. Our
 BridgeDB metrics reveal (an approximation of) the success rate at which
 our users solve CAPTCHAs. We should deploy a new batch and then refine the
 CAPTCHAs if the success rate doesn't improve significantly.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24607#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list