[tor-dev] Request for feedback/victims: cfc

Jeff Burdges burdges at gnunet.org
Wed Mar 23 16:31:50 UTC 2016 

Thank you, Yawning!  This looks great.  :)


I think Kate was planning on writing up an official position of the Tor
project on the CloudFlare situation.  Amongst other things, it's
expected to contain several strong arguments for convincing sites that
the CAPTCHA does them no good and to make their CloudFlare configuration
more Tor friendly.  Or simply use another CDN like Akamai.

After that appears, one could add a mailto: link alongside the cfc
button, so that users could easily start a dialog with the site where
they encounter a CloudFlare CAPTCHA. 

A mailto: link can have email header and body information like
	mailto:.. at ..?subject=Unreachable from Tor due to CloudFlare
CAPTCA&body=..  
And the body could contain some text derived from whatever Kate writes.

In principle, the mailto: link's destination could determine the site's
contact information from whois : 
 https://stackoverflow.com/questions/8435678/whois-with-javascript 
If that's annoying, then simply placing a unix command like  "whois
[site] | grep Email" into the body along with some explanation should
suffice. 

It's easy enough to do all this with a shell script of course, but if
cfc moves towards many people using it then maybe encouraging people to
email sites will help. 

Jeff




On Wed, 2016-03-23 at 11:00 +0000, Yawning Angel wrote:
> [I hate replying to myself.]
> 
> On Wed, 23 Mar 2016 09:15:36 +0000
> Yawning Angel <yawning at schwanenlied.me> wrote:
> > My "proof of concept" tech demo is what I consider good enough for
> > use by brave people that aren't me, so I have put up an XPI package
> > at: https://people.torproject.org/~yawning/volatile/cfc-20160323/
> 
> I noticed some dumb bugs and UI issues in the version I pushed so I
> changed a lot of things and uploaded a new version that should be
> better behaved.  In particular:
> 
>  * It is now Content Script based, and does IPC so it may survive the
>    transition to sandboxed/multiprocess firefox better.
> 
>  * It will always inject a button into the DOM instead of trying to
>    display browser UI stuff (content scripts are supposed to have
>    isolation...).
> 
>    * The UI selection pref is removed.
> 
>    * The ask on captcha option for behavior is removed, since a button
>      always will be there to bypass it.
> 
>  * Loading lots of pages that end up displaying street signs *should*
>    now behave correctly.
> 
> The old release is under `./old` for posterity.
> 
> Sorry for the inconvenience,
> 
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160323/ade9854b/attachment.sig>

More information about the tor-dev mailing list