[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] How to (Was: Tor and Google error / CAPTCHAs.)
On 1 Oct 2016, at 05:08, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
> When the distorted characters were as legible as my writing, it always says there was an error - please repeat. Especially Google & Cloudflare. A few others may have been more Tor friendly.
> But use Firefox on the same sites - if the right scripts are allowed & not too much blocked, and it's almost always success the 1st time.
> I'm not sure if their reasoning is, if it's just impossible to solve, there's less chance of someone trying crash their site, than if they say right off, "You're using Tor - go away."
Watching the thread that leads up to this message puts me a little in mind of the Seligman experiments on "learned helplessness" - but with a critical difference:
The similarity is that a series of jolting user experiences have led to a mythology springing up:
"this is what we observe, therefore this is how the world must work, and it must be intended to be working this way because nothing else makes sense and no other explanation is forthcoming" -
…which leads the the sort of posting that Joe posts above, essentially that some evil gods named Google and Cloudflare have, do and are, arranging for the websites of the internet to be hostile to people who need or want use Tor, by throwing lightning-bolts called CAPTCHAs at them.
(Aside: It's also not typically about Tor users "crashing the site".)
Instead unlike the Seligman experiments, all these CAPTCHA-shocks are mere side-effects of a hodge-podge of code and network configuration, changing weekly or daily as it gets poked and prodded by systems-administration people who are prettymuch-the-same-as-you, their intention being to defend:
- access to their website, and
- the data that the people uploaded to it
…from robots, scrapers and "bad" people who hide amongst the "good" or "needful" people who use Tor.
The long-term solution is not to get caught up in a homebrew religion discussing "how to get access to <some website> whilst it is defended by a capricious multi-headed olympian monster named CAPTCHA". The long-term solution is the much harder and slower one of politely making the systems administrators aware that you "would really like to use Tor to access [their] website, please".
I'll admit that this does not help someone who is stuck with the first-order challenge of:
...but I believe it will be easier to bear, address, and eventually fix if one stops thinking that CAPTCHA is the order of the universe, and instead that "clearly some person at <site> is not aware that I want to use Tor to access their site, perhaps it's hard for them to accommodate my wants but if I reach out to them, maybe they can whitelist Tor exit nodes, or something."
The CAPTCHA "shocks" don't need to happen to you - or at least not all the time. A few are okay, that's what they are there for. Try to have a nice conversation with the actual human beings who run or represent the sites you want to access. Be aware (and unwavering!) that their security mechanisms _can_ be tweaked and adapted - but also understand that the mechanisms are actually there for a probably-good purpose, and you're caught up as a side effect of using the same software that "bad people" also use to scrape their website.
"But hey, isn't that the story of the entire Internet?" :-)
This is how to foster change.
for some sites it's entirely possible that there are fewer "good" people who use the site over Tor, than there are "bad" people scraping it, leading to a kind of "hostage" situation. One way to break that deadlock is to ask site owners to set up an official "onion" site, which - for exactly the same reason of "lack of awareness" - the scrapers are less likely to use, but still enabling the "good" people. One of my personal side-projects is to document precisely how cheap and easy it is to do this, because "a cheap and easy fix" is an attractive proposition.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to