On Mon, Jun 22, 2015 at 06:53:23PM -0400, Mansour Moufid wrote: > Sometimes I wonder if it's really Cloudflare, or some bad exit node > running a CAPTCHA solving business.
If one doesn't use TLS that is a valid claim. Since the captcha image delivery should originate from google with https in most cases, you only need to redirect the cloudflare redirect, and since cloudflare promotes and encourages TLS itself, it depends soley on the tor user or the site participating in the cf-cdn using HSTS and CSP. If you don't use TLS you may run into problems I mentioned earlier with the privoxy filters and you are wide open to many scary injection and XSS attacks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
