[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] do Cloudfare captchas ever work?



Hey there,

(TL;dr)

> "Anyway, funny is pirates are using cloudflare too..."
> Please explain?

Boards with illegal content like crimenetwork.biz are using cloudflare too. You can't really access sites with cloudflare's security-settings switched to "very secure" if you don't enable JavaScript. I better don't think about what Scripts they will run. 

> mansour moufid wrote:
> 
> "Sometimes I wonder if it's really Cloudflare, or some bad exit node
> running a CAPTCHA solving business."
> 
> Mansour, to what end would they run a captcha solving business?
> If they were, I don't understand how they'd benefit.


It's useful for automated downloads eg with an uploaded.to free-accounts. (This is the only website I remember right now, but there are many other services require the user to enter captchas to get some content.)


-- 
Best Wishes

Kleft

"I disapprove of what you say, but I will defend to the death your right to say it" 

Evelyn Beatrice Hall

(as seen on @mrphs)

On Jun 23, 2015, at 2:15 AM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:

Thanks for the helpful replies.

> On 6/22/2015 9:36 AM, ÃaÄÄl P. Åesto wrote:
> "A cdn like clouldflare can track you very easy over various exits, tor currently has 1115 relays that are exits, its possible to mark all of them "malicious" on a blacklist-providers sensor in 15-30 minutes."
Is that actually true?  (they can track you over various exits)
Is that what the design document says? https://www.torproject.org/projects/torbrowser/design/#privacy

But, many Tor Browser users  seem to question allowing all scripts by default - including 3rd party.
For browser / computer security, as much as anything.

As I understand (roughly paraphrasing), the thinking on allowing JS is,
- many sites won't work fully (or at all) without JS.  Certainly, captchas won't.
- if all users have JS enabled, no one stands out.
- Tor Browser design protects against privacy (possibly anonymity) issues like cross domain tracking.

On the _latter point_, I'm not as technically advanced as many on this list, to fully understand ALL subtleties in the design document.

"Anyway, funny is pirates are using cloudflare too..."
Please explain?

mansour moufid wrote:

"Sometimes I wonder if it's really Cloudflare, or some bad exit node
running a CAPTCHA solving business."

Mansour, to what end would they run a captcha solving business?
If they were, I don't understand how they'd benefit.





-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk