[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Request for feedback/victims: cfc



Thank you, Yawning!  This looks great.  :)


I think Kate was planning on writing up an official position of the Tor
project on the CloudFlare situation.  Amongst other things, it's
expected to contain several strong arguments for convincing sites that
the CAPTCHA does them no good and to make their CloudFlare configuration
more Tor friendly.  Or simply use another CDN like Akamai.

After that appears, one could add a mailto: link alongside the cfc
button, so that users could easily start a dialog with the site where
they encounter a CloudFlare CAPTCHA. 

A mailto: link can have email header and body information like
	mailto:..@..?subject=Unreachable from Tor due to CloudFlare
CAPTCA&body=..  
And the body could contain some text derived from whatever Kate writes.

In principle, the mailto: link's destination could determine the site's
contact information from whois : 
 https://stackoverflow.com/questions/8435678/whois-with-javascript 
If that's annoying, then simply placing a unix command like  "whois
[site] | grep Email" into the body along with some explanation should
suffice. 

It's easy enough to do all this with a shell script of course, but if
cfc moves towards many people using it then maybe encouraging people to
email sites will help. 

Jeff




On Wed, 2016-03-23 at 11:00 +0000, Yawning Angel wrote:
> [I hate replying to myself.]
> 
> On Wed, 23 Mar 2016 09:15:36 +0000
> Yawning Angel <yawning@xxxxxxxxxxxxxxx> wrote:
> > My "proof of concept" tech demo is what I consider good enough for
> > use by brave people that aren't me, so I have put up an XPI package
> > at: https://people.torproject.org/~yawning/volatile/cfc-20160323/
> 
> I noticed some dumb bugs and UI issues in the version I pushed so I
> changed a lot of things and uploaded a new version that should be
> better behaved.  In particular:
> 
>  * It is now Content Script based, and does IPC so it may survive the
>    transition to sandboxed/multiprocess firefox better.
> 
>  * It will always inject a button into the DOM instead of trying to
>    display browser UI stuff (content scripts are supposed to have
>    isolation...).
> 
>    * The UI selection pref is removed.
> 
>    * The ask on captcha option for behavior is removed, since a button
>      always will be there to bypass it.
> 
>  * Loading lots of pages that end up displaying street signs *should*
>    now behave correctly.
> 
> The old release is under `./old` for posterity.
> 
> Sorry for the inconvenience,
> 
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev