[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Accessing Cloudflare sites on TBB


Virgil Griffith:
For unrelated reasons I'm meeting with Cloudflare. Can someone enlighten
me on the current state of the captcha situation?

They suck (time and energy). They seem to only come in robot discrimination form.

Presuming they are unwilling to completely drop the captcha, what would be
a step in the right direction?

What is a step they can take right now for improving Tor user experience?

Thanks for doing this.  Here are some thoughts:

âÂHave them keep a "for everybody" version of what current IP threat scores are, like on a dedicated webpage, as well as provide the criteria with which they determine the number that gets a defined security level (They might do something similar, but I couldn't find it). Basically, as much as they will publish. A block chain might be useful here, IDK.

âÂFor those without JS the text-only captchas are often too difficult. It would be nice if they implemented something more visual, like with their JS captchas. Something cool like what George Kadianakis was considering for another purpose[0] would be fun.

âÂThey could just not use JS at all. I am sure they could do cool, usable stuff with PHP, Pearl, or something. IDK, maybe not.

âÂSee if they have any research on this [1].

â If they can detect the previous site visited, or other tabs open, using this, or other human-like tells, to verify that visitors are "Human" would be nice.

âÂAlso, as a Cloudflare user, having security level 'Off' actually function as off would be nice, instead of "off will act only against the most grievous offenders".

âÂAnd not having their transparency available only in a fragmented series of blog posts [2].

I hope some of this can provide value :)


[0]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009302.html [1]: https://lists.torproject.org/pipermail/tor-talk/2015-August/038820.html [2]: https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to