[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16096 [operations]: CloudFlare captchas

Subject: Re: [tor-bugs] #16096 [operations]: CloudFlare captchas
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 24 Dec 2015 06:25:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 24 Dec 2015 01:25:48 -0500
In-reply-to: <047.fd411a22bf032b79e646f3a0be24b9d3@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.fd411a22bf032b79e646f3a0be24b9d3@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16096: CloudFlare captchas
------------------------+-------------------------
 Reporter:  isabela     |          Owner:  isabela
     Type:  task        |         Status:  new
 Priority:  Medium      |      Milestone:
Component:  operations  |        Version:
 Severity:  Normal      |     Resolution:
 Keywords:              |  Actual Points:
Parent ID:              |         Points:
  Sponsor:              |
------------------------+-------------------------
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)
 * severity:   => Normal


Comment:

 I noticed that CloudFlare is using Google's reCAPTCHA version 1. It turns
 out that version 1 is deprecated in favor of version 2.

 When JavaScript is disabled, reCAPTCHA version 1 is typically impossible
 for a human to solve, whereas version 2 is relatively reasonable.

 Demo of v1 (what CloudFlare uses now):
 https://www.google.com/recaptcha/api/fallback?k=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI

 Demo of v2 (what CloudFlare should use):
 https://www.google.com/recaptcha/api/noscript?k=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI

 In the URLs above, the value of `k` is the public site key (in this case,
 a demo). I tried changing the URL cloudflare uses from `fallback` to
 `noscript`, but it returns an error. My reading suggests that CloudFlare's
 site key is reserved for version 1, and CloudFlare will need to request a
 new site key to migrate to version 2.

 If CloudFlare would be kind enough to upgrade to Google reCAPTCHA version
 2, then I think it will be much easier for Tor Browser users to access
 these sites. Sites using CloudFlare would still be protected by a CAPTCHA,
 but one that allows humans to pass.

 Full documentation for reCAPTCHA is at
 https://developers.google.com/recaptcha/intro

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16096#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #17928 [Tor]: Warnings in syslog for wrong permissions on hidden service dir are misleading
Next by Author: Re: [tor-bugs] #17919 [Onionoo]: Document history objects better
Previous by thread: Re: [tor-bugs] #17928 [Tor]: Warnings in syslog for wrong permissions on hidden service dir are misleading
Next by thread: [tor-bugs] #17929 [Tor Support]: FÃr "Tor Browser does not have permission to access the profile. Please adjust your file system permissions and try again.
Index(es):
- Author
- Thread