[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] more sites requiring captchas from Cloudfare (using Google API?)



Öyvind Saether:
> > These captchas recently started appearing (more often) on all kinds
> > of sites.   By far the most common name that pops up associated with
> > this security is "Cloudfare," but also some others.
> > Aside from being forced to allow scripts in NoScript from Cloudfare
> > for the captcha to work (or which ever one it is), it also seems to
> > require allowing scripts from... Google.com.
> 
> I too have noticed the Cloudflare annoyance on a wide variety of sites
> lately (not sure if more sites use Cloudflare or if Cloudfare has begun
> asking for a captcha in more cases).

I too find this situation unacceptable, since it seems to have been
unilaterally decided by CloudFlare and not by their customers who are
paying them. It has also proven to be buggy: I've gotten infinite
captcha loops, no captchas, and broken no-JS support (even though
ReCaptcha does support no-JS operation). I've also experienced repeated
captchas even if I'm logged into a given site, and the captcha prompting
has also caused me to lose web application state, form submissions, and
authentication status on more than one occasion.

I think the next step here is to try to gather a list of cloudflare
customers we suspect to be Tor friendly, and have them politely request
that their Tor users not be discriminated in this way, and failing that,
publicly leave Cloudflare for a competing ISP. I think pushback
from actual CloudFlare customers will carry far more weight here than
pushback from the Tor Project or the EFF. It also makes zero sense for
CloudFlare to serve Tor users captchas at all if their customers are the
ones paying the hosting bills and are happy to serve Tor users. 

For my part, I've noticed that nearly all of the Bitcoin web
infrastructure is hosted on Cloudflare. Surely some of those people
might be willing to speak up for us. 

Has anyone else noticed Cloudflare captchas on sites that they would
otherwise expect to be run by Tor-friendly entities?

-- 
Mike Perry

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk