[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by toruser2016):

 I am not affiliated with Tor itself, I am just a normal web user, who
 occasionally uses tor, and I am also a cloudflare user in the sense that I
 am a user / visitor of sites "protected" by cloudflare.  I find the status
 quo frustrating and disappointing.  I can't understand why CF have so much
 trouble with implementing working captchas.

 ==Overview==

 1.  It is widely accepted that there is a problem here.
 2.  Cloudflare have been trying for months if not years to solve it.
 3.  So far CF's attempts to solve this problem have been a failure.

 Why is it so hard for Cloudflare to solve this??

 There are two tracks here, better not to confuse them.

 The first track is the "intended" status quo, which involves giving up
 Captchas now and then to tor users, to force them to identify as human
 before they can browse a page.  It is supposed to work but it doesn't.
 Apparently changes were made recently, but people still report the endless
 captcha cycle, unsolvable captchas, it doesn't work on the android tor
 browser Orfox etc etc.  Personally, I think if this actually worked as
 intended (captchas were actually solvable etc), I would be a lot happier.
 I don't mind solving captchas every so often, I had to solve one to
 register for trac.torproject.org!.

 The second track is more complex solutions to the general problem of
 identifying good actors and bad actors, zero knowledge proofs and all the
 rest of it.  These are complex solutions to hard problems and I think
 these discussions should come later.  If CF are not willing or able to
 solve the simple "serve up a captcha that works" problem, there is no hope
 for them to implement a hard solution to this.  Forget the second track
 for now.

 So my question is to Cloudflare, their CTO was on here earlier.  Why
 exactly are you not able to just implement a Captcha system that works??
 Seriously, is it that hard?  As far as I know, you have recently moved
 over to serving up Google captchas, but it still doesn't work?  Is CF's
 CTO really OK and comfortable with the fact that his team couldn't
 implement this after apparently trying for a few years?  Seriously!!
 Captcha's as a concept have been around for a pretty long time now.

 == Never attribute to malice that which is adequately explained by
 stupidity ==

 Personally I don't believe CF are deliberately making the internet hard to
 use through Tor due to some nefarious conspiracy with the lizard men, but
 we should accept that the status quo suits the NSA very nicely.  It was
 made clear in the Snowden leaks that GCHQ, the NSA etc would like people
 to stop using Tor, so I am sure they are very happy to see CF make general
 web browsing difficult and frustrating for ordinary users.  The longer the
 situation persists, the less adequate "stupidity" is as a reason for
 Cloudflare's inability to solve this.  It's time for CF to step up and fix
 their captchas, which they have claimed they will do on a number of
 occasions in recent months.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:66>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs