[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Accessing Cloudflare sites on TBB

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Accessing Cloudflare sites on TBB
From: Spencer <spencerone@xxxxxxxxxxxxxxx>
Date: Fri, 02 Oct 2015 21:08:38 -0700
Authentication-results: mail2.openmailbox.org; dkim=none reason="no signature"; dkim-adsp=fail (unprotected policy); dkim-atps=neutral
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 03 Oct 2015 00:09:05 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1443845331; bh=gh9ufJVKzXLl33+OWBs8Z3r06ggkViiKWjZeomSk7RM=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=WDx73yXCGxiek350Ld8su9jOaLaPRv1BShCBxTJ6IHkE1R2kf0PTb68Iu6A8Y1XmV 9RP0GYsHCXI669x8HIrC4PcJWLBM7yuKQAJIdG19bOjNY/B3LKKemQoVdIsrPyxEw1 ptOYMRpt0YyYaXfPRQOzLpznncXMwChhK4vV2cQ4=
In-reply-to: <CADop2NG232W9WKdu4azvr5kncqaGF5KRmd60Frq3K7JE3rkEsg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CADop2NG232W9WKdu4azvr5kncqaGF5KRmd60Frq3K7JE3rkEsg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.6

Hi,

Virgil Griffith:
For unrelated reasons I'm meeting with Cloudflare. Can someoneenlighten
me on the current state of the captcha situation?

They suck (time and energy). They seem to only come in robotdiscrimination form.

Presuming they are unwilling to completely drop the captcha, what wouldbe
a step in the right direction?
What is a step they can take right now for improving Tor userexperience?


Thanks for doing this.  Here are some thoughts:

âÂHave them keep a "for everybody" version of what current IP threatscores are, like on a dedicated webpage, as well as provide the criteriawith which they determine the number that gets a defined security level(They might do something similar, but I couldn't find it). Basically,as much as they will publish. A block chain might be useful here, IDK.

âÂFor those without JS the text-only captchas are often too difficult.It would be nice if they implemented something more visual, like withtheir JS captchas. Something cool like what George Kadianakis wasconsidering for another purpose[0] would be fun.

âÂThey could just not use JS at all. I am sure they could do cool,usable stuff with PHP, Pearl, or something. IDK, maybe not.


âÂSee if they have any research on this [1].

â If they can detect the previous site visited, or other tabs open,using this, or other human-like tells, to verify that visitors are"Human" would be nice.

âÂAlso, as a Cloudflare user, having security level 'Off' actuallyfunction as off would be nice, instead of "off will act only against themost grievous offenders".

âÂAnd not having their transparency available only in a fragmentedseries of blog posts [2].


I hope some of this can provide value :)

Wordlife,
Spencer

[0]:https://lists.torproject.org/pipermail/tor-dev/2015-August/009302.html[1]:https://lists.torproject.org/pipermail/tor-talk/2015-August/038820.html[2]:https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Accessing Cloudflare sites on TBB
  - From: sh-expires-12-2015@xxxxxxxxxxxxxxxx

References:
- [tor-talk] Accessing Cloudflare sites on TBB
  - From: Virgil Griffith

Prev by Author: [tor-talk] New methods / research to detect add-ons?
Next by Author: [tor-talk] Accessing Cloudflare sites on TBB
Previous by thread: [tor-talk] Accessing Cloudflare sites on TBB
Next by thread: Re: [tor-talk] Accessing Cloudflare sites on TBB
Index(es):
- Author
- Thread