[tor-talk] do Cloudfare captchas ever work?

Joe Btfsplk joebtfsplk at gmx.com
Tue Jun 23 00:15:24 UTC 2015


Thanks for the helpful replies.

On 6/22/2015 9:36 AM, Çağıl P. Şesto wrote:
> "A cdn like clouldflare can track you very easy over various exits, 
> tor currently has 1115 relays that are exits, its possible to mark all 
> of them "malicious" on a blacklist-providers sensor in 15-30 minutes."
Is that actually true?  (they can track you over various exits)
Is that what the design document says? 
https://www.torproject.org/projects/torbrowser/design/#privacy

But, many Tor Browser users  seem to question allowing all scripts by 
default - including 3rd party.
For browser / computer security, as much as anything.

As I understand (roughly paraphrasing), the thinking on allowing JS is,
- many sites won't work fully (or at all) without JS.  Certainly, 
captchas won't.
- if all users have JS enabled, no one stands out.
- Tor Browser design protects against privacy (possibly anonymity) 
issues like cross domain tracking.

On the _latter point_, I'm not as technically advanced as many on this 
list, to fully understand ALL subtleties in the design document.

"Anyway, funny is pirates are using cloudflare too..."
Please explain?

mansour moufid wrote:

"Sometimes I wonder if it's really Cloudflare, or some bad exit node
running a CAPTCHA solving business."

Mansour, to what end would they run a captcha solving business?
If they were, I don't understand how they'd benefit.







More information about the tor-talk mailing list