Öyvind Saether: > > These captchas recently started appearing (more often) on all kinds > > of sites. By far the most common name that pops up associated with > > this security is "Cloudfare," but also some others. > > Aside from being forced to allow scripts in NoScript from Cloudfare > > for the captcha to work (or which ever one it is), it also seems to > > require allowing scripts from... Google.com. > > I too have noticed the Cloudflare annoyance on a wide variety of sites > lately (not sure if more sites use Cloudflare or if Cloudfare has begun > asking for a captcha in more cases). I too find this situation unacceptable, since it seems to have been unilaterally decided by CloudFlare and not by their customers who are paying them. It has also proven to be buggy: I've gotten infinite captcha loops, no captchas, and broken no-JS support (even though ReCaptcha does support no-JS operation). I've also experienced repeated captchas even if I'm logged into a given site, and the captcha prompting has also caused me to lose web application state, form submissions, and authentication status on more than one occasion. I think the next step here is to try to gather a list of cloudflare customers we suspect to be Tor friendly, and have them politely request that their Tor users not be discriminated in this way, and failing that, publicly leave Cloudflare for a competing ISP. I think pushback from actual CloudFlare customers will carry far more weight here than pushback from the Tor Project or the EFF. It also makes zero sense for CloudFlare to serve Tor users captchas at all if their customers are the ones paying the hosting bills and are happy to serve Tor users. For my part, I've noticed that nearly all of the Bitcoin web infrastructure is hosted on Cloudflare. Surely some of those people might be willing to speak up for us. Has anyone else noticed Cloudflare captchas on sites that they would otherwise expect to be run by Tor-friendly entities? -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk