[tor-talk] How do tor users get past the recapacha and it's super short 2min exemption
Dave Warren
dw at thedave.ca
Mon Jul 16 19:08:01 UTC 2018
> On Jul. 14, 2018, at 09:39, David Niklas <great123456 at mail.com> wrote:
>
> On Wed, 11 Jul 2018 18:50:48 -0700
> Dave Warren <dw at thedave.ca> wrote:
>> However there is a larger than average amount of abuse from tor exits,
>> and this abuse returns intermittently the longer an exit has been
>> around so their automation does learn to treat tor IPs with suspicion.
>> It also means using non-standard browsers (Such as an iOS project) are
>> more likely to fail the "Is this a browser" test resulting in a full
>> CAPTCHA.
>
> Perhaps you could tell them (or tell me how to tell them), that I am
> legit. I get the full Captcha every time.
The whole point of tor is that you are anonymous just like everybody else.
Privacy Pass attempts to allow you to bypass CAPTCHAs by providing you with tokens that anonymously prove you have solved CAPTCHAs recently. https://support.cloudflare.com/hc/en-us/articles/115001992652-Privacy-Pass
> They *really* need to increase the timeout.
I have to say, I don’t see this myself on a regular basis. Perhaps you are not keeping cookies such that they can identify the you that passed a CAPTCHA is the same you that is browsing now? Without cookies or other local storage being available, every request is new/unique from Cloudflare’s perspective and therefore they don’t know that you passed a challenge.
It could also be that site owners have set the timeout very low, I can go as low as 5 minutes on the free tier. I believe the default is a week although I’m not certain. I set mine to much longer (but I also whitelist Tor across the board). This is something website operators can control:
https://support.cloudflare.com/hc/en-us/articles/200170136-What-will-changing-the-Challenge-Passage-TTL-do-
>
>> To their credit, they do make it easy for site operators to approve tor
>> traffic in a more general way (by treating tor as a separate country in
>> their whitelisting system).
>
> That is useful, is there an instruction that I can point authors to?
>
https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
More information about the tor-talk
mailing list