-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have experienced this problem many, many times. Seems that I am not the only one! I agree that we need to do something about it. (complaining/persuading to Cloudflare etc.) and without JS all the captchas are buggy and useless.
On 16/09/14 07:45, Joe Btfsplk wrote: > > On 9/15/2014 4:16 PM, Mike Perry wrote: >> Öyvind Saether: >>>> These captchas recently started appearing (more often) on all >>>> kinds of sites. By far the most common name that pops up >>>> associated with this security is "Cloudfare," but also some >>>> others. Aside from being forced to allow scripts in NoScript >>>> from Cloudfare for the captcha to work (or which ever one it >>>> is), it also seems to require allowing scripts from... >>>> Google.com. >>> I too have noticed the Cloudflare annoyance on a wide variety >>> of sites lately (not sure if more sites use Cloudflare or if >>> Cloudfare has begun asking for a captcha in more cases). >> It has also proven to be buggy: I've gotten infinite captcha >> loops, no captchas, and broken no-JS support (even though >> ReCaptcha does support no-JS operation). I've also experienced >> repeated captchas even if I'm logged into a given site, and the >> captcha prompting has also caused me to lose web application >> state, form submissions, and authentication status on more than >> one occasion. > So far, other than more & more sites are in the "information > gathering business," I can't imagine that most sites where I've > seen Cloudfare captchas would be anti-Tor. Unless, information > gathering has now become too profitable to let it slide by. Since > they don't get much info from Tor users, perhaps they just make the > process irritatingly difficult. Perhaps outside forces (read: 3 > letter agencies) are putting pressure on some sites to discourage > TBB use. > > Yes, I've experienced most of the problems you mention. Like (but > not limited to), after I've done the captcha & successfully gained > site access, sometimes (not always?) it'll ask me to repeat the > captcha process. That seems to often happen when changing pages (on > the same base domain of the site). Even with 1st party cookies > enabled. But it asking to repeat the captcha could also be from > TBB's IP address changing?? Not sure. > > Like oyvinds, usually as soon as I see the Cloudfare captcha page, > I just close the tab & move on. And that's what I'll continue to > do. If the sites using this have that much problem w/ spam, I do > feel for them, but I also wish them luck in not driving most users > away. I suspect they (or 3rd parties) are getting more out of it > than just preventing spam / bots. > > I don't care if the site or captcha process is broken or not. > Aside from seeming to also require GOOGLE (which is enough to make > me leave immediately), the process is too time consuming & doesn't > work consistently - even when 1st arriving at the site & necessary > js is enabled for required parties. Sometime the captcha image is > truly unreadable. Sometimes refreshing the image results in > equally unreadable ones. Sum total: Far too much hassle, even if > it worked. >> >> I think the next step here is to try to gather a list of >> cloudflare customers we suspect to be Tor friendly, and have them >> politely request that their Tor users not be discriminated in >> this way, and failing that, publicly leave Cloudflare for a >> competing ISP. I think pushback from actual CloudFlare customers >> will carry far more weight here than pushback from the Tor >> Project or the EFF. It also makes zero sense for CloudFlare to >> serve Tor users captchas at all if their customers are the ones >> paying the hosting bills and are happy to serve Tor users. >> >> For my part, I've noticed that nearly all of the Bitcoin web >> infrastructure is hosted on Cloudflare. Surely some of those >> people might be willing to speak up for us. >> >> Has anyone else noticed Cloudflare captchas on sites that they >> would otherwise expect to be run by Tor-friendly entities? >> >> >> > - -- - --Daniel Roskams 0x6A0E156E (pgp) keyserver: `keyserver.ubuntu.com` -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUF7sxAAoJEA3q/nZqDhVuBXgQAMB6fADa2d30jcqqZkkdebU4 cMG88c6miC399iwqPZ3ItcfHpO1gt1P3vpN0/lYHvloKPzpvQAUAvDqg3x9Zpndi nD5q5UW3aHuhjCXTBRZ1Yi+d/4ffLufNOdJdajMb6XEByCn4744Hbt6Bx1qaIaSU aoqnZIjyCh06/0TtKt/KXVft21Nr2mX2fnG/lba0VOGCOboTBQE0ihzBhSetppPn Lbr/CixWLPBbXqDUk7adjCq/d0m+8vDeqAbAYnjth7T4iTJrdj19E8iwT7um/bhk HmhdC4UeCcMN0h7YGjXasTmLGuThMettEzR/+p/fnCe8P9XSwGNehdzJsJRwxBm9 /8N9dYFHN4jN+/Eb8AOJP3K9gqmIyshqXfWIY33EEXNHu7OkXr9m/+M4+2zWcWw+ SjyhvMRE0hskOjiW4OnBQd//IRJzNV2Xo2j6ZTsbA4rQ8xqOrFpXNn/vIfya/TFY m7x0at4yoaZwalA4ksH6Wg9PrWTSc9f5u9wWjDKD2bukr1zsY8lV3Dx52RcZTSWS xL4X9s9YwQHCIC7ktSDBzUk9xYrltIkBknAlPtfoSEsy8CFNXbaDBAEG45X5v9jG GxMTfmPdn6wLS9sv1BYbn3IZZ4jAP6IqZDKFLxd1z26JfVHf93biQuNAe+cfjHq7 lcwx1m0ZqgiZmujQbA2B =TAig -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
