[tor-talk] do Cloudfare captchas ever work?

Joe Btfsplk joebtfsplk at gmx.com
Sun Jun 21 02:30:11 UTC 2015 

Just to clarify (to all that replied) - I have JS enabled.  At least, 
when trying to get captchas to work.
Then, I'm using Tor Browser's default settings for NoScript.

I just tried a couple of sites w/ Cloudfare.
Today, it worked, but not on the 1st try - even with legible house numbers.
But today I also checked the exit relay country, when it worked.  It was 
in a "well behaved" European country.

Other times when Cloudfare didn't work, I didn't always think to check, 
to see if there's any pattern to Cloudfare not working & specific exit 
relay countries.

FYI - for others, when using _vanilla Firefox_ & AdBlock Plus (or 
similar), Cloudfare doesn't like it.  Even if NoScript is set to allow 
all scripts.
Maybe because of blocking ads, but also maybe because ABP blocks some 
scripts.  Depending on the target site, some of those may be 3rd party 
scripts (for CDNs, or....) that Cloudfare requires to be allowed, before 
they'll allow the captcha to work.


On 6/20/2015 6:35 AM, Lars Luthman wrote:
> On Fri, 2015-06-19 at 22:38 -0500, Joe Btfsplk wrote:
>> Does anyone have any meaningful success rate with Cloudfare captchas in
>> Tor Browser?
>>
>> Using default browser installation & settings?
>> I so  rarely have success, that I immediately close tabs for sites
>> presenting Cloudfare.
>> Even when the puzzle is clearly legible (rarely), it still doesn't work.
>> Not for me - with default TBB settings or even allowing 1st party
>> cookies from the target site.
>>
>> If others have even partial success, what's the secret?
>> Getting a different exit relay/ exit country / exit IPa?
> That's the only way that ever works for me. Or turning Javascript on,
> but I don't want to do that for HTTP sites.
>
> With Javascript on you usually get easier captchas that often let you
> through when you get them right. With Javascript off you get the
> captchas that look like the names of Lovecraftian deities distorted
> through non-Euclidean geometries that are difficult even for us humans
> to solve, and even when you definitely solve them you aren't allowed
> through but just get presented with another captcha, and another, and
> another, ad infinitum.
>
> Switching to different exits helps, but you often have to switch 10 - 20
> times in a row before you hit an exit relay that Cloudflare in their
> benevolent wisdom has deemed good enough to be allowed to view the web.
> And even then you usually just get a few minutes before the gate is
> slammed shut and you're back with the captchas.
>
> I suspect that the new exit-switching feature in Tor Browser has made it
> slightly worse by putting more load on the few exits that are allowed
> through at any given time, making it more likely that Cloudflare will
> think it's some sort of DoS attack or automated scraper and block it.
> Cloudflare has essentially broken the web for Tor users.
>
> For some reason web proxies like hidemyass.com never seem to be blocked
> by Cloudflare so one (annoying) solution is to use one of those with Tor
> Browser.
>
>
> --ll
>
>

More information about the tor-talk mailing list