[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How do tor users get past the recapacha and it's super short 2min exemption

On Wed, Jul 11, 2018, at 09:32, Lara wrote:
> On Wed, 11 Jul 2018, at 16:01, Nathaniel Suchy wrote:
> > I hate Cloudflare and what they’re doing to Tor users.
> Luckily Cloudflare, Google, Facebook do not hate you or the other Tor 
> Users. Talking about being unfair.

Several Cloudflare staff members have commented that they do support tor and have taken steps to enable tor users to have better experiences than would naturally happen as a result of their automated abuse prevention systems were left to score tor users based entirely on behaviour alone. One such example is that their "Is this a browser or a bot?" JavaScript takes the tor browser bundle's behaviour into account and doesn't penalize the browser for lacking any features which are normally disabled.

However there is a larger than average amount of abuse from tor exits, and this abuse returns intermittently the longer an exit has been around so their automation does learn to treat tor IPs with suspicion. It also means using non-standard browsers (Such as an iOS project) are more likely to fail the "Is this a browser" test resulting in a full CAPTCHA.

To their credit, they do make it easy for site operators to approve tor traffic in a more general way (by treating tor as a separate country in their whitelisting system). 

I'm not suggesting that Cloudflare couldn't do more/better, but they could also outright blacklist tor trivially or intentionally make the experience much more negative, but based on their statements they have made minor changes to try and improve the user experience without causing their customers grief. And based on their results (the Onion browser on iOS suddenly went from a "always blocked" to "Only occasionally blocked" shortly after I bought up the topic and provided them with a link to it). 

It is an imperfect world. This is part of why I use TBB for random legitimate things, specifically to increase the amount of "This is just a regular 'ol user, doing regular 'ol normal web things on Tor".

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to