[tor-talk] CloudFlare blog post

Joe Btfsplk joebtfsplk at gmx.com
Wed Mar 30 20:19:09 UTC 2016


On 3/30/2016 10:01 AM, Philipp Winter wrote:
> I also wonder how effective your CAPTCHAs really are. Deep learning 
> techniques suggest that bots are about to become just as good, or even 
> better, at solving CAPTCHAs than people. Therefore, I wonder if a long 
> term solution should also center around the question if the 
> distinction between people and machines is still meaningful. 
The bots couldn't be much worse at solving some sites' captchas than me.
Can't get worse than 0% success (on some sites).

I'm not so sure on some sites, they're not just jacking w/ TBB users.  
Sometimes, when the solution is quite clear, it reports entries as wrong 
- multiple times.
When that happens a couple of tries, I just leave - assume they don't 
want me (Tor) there.  In TBB or Firefox, if it's not a "must see" site, 
I often immediately close the tab when cloudflare captcha shows.

While on other sites, I get right in w/ TBB - sometimes when captchas 
are difficult.  Of course, you have to allow JS & sometimes a few 
trackers besides the site & Cloudflare (it seems).
Most sites make money off the trackers.  If the trackers can't follow 
TBB users from site to site (per their business model), what incentive 
do the sites have for allowing TBB users?
Or why would the trackers pay sites for the traffic from TBB, 
when they can't gather the same valuable data as avg users in unhardened 
browsers?
For sites worried about making $, it makes perfect sense to me why they 
wouldn't want TBB users taking resources.

At times, Cloudflare or some sites may say, "Gee, whiz - we're not 
blocking TBB intentionally.  We're working on a solution."
But I don't buy that 100%.  It's possibly just a politically correct 
excuse vs. saying, "We can't track you around the globe / make $, so we 
don't want you taking up bandwidth or other resources (like site tech 
support, etc.)."

And for all the other sites that don't use Cloudflare (or other 
unsolvable captchas), but don't block TBB, if _"90+% of all Tor traffic 
attempts something malicious_," then how in the world do all those sites 
stay in business / stay up & running?  Unless hackers have vendettas 
against only certain sites or high value targets, which is why they hire 
Cloudflare in the 1st place.

