[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24607 [Circumvention/BridgeDB]: CAPTCHAs on BridgeDB seem to be getting more difficult

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #24607 [Circumvention/BridgeDB]: CAPTCHAs on BridgeDB seem to be getting more difficult
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 16 Oct 2019 18:39:07 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 16 Oct 2019 14:39:15 -0400
In-reply-to: <046.9341e7954f3b6b10a5c5f467e4b09741@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.9341e7954f3b6b10a5c5f467e4b09741@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#24607: CAPTCHAs on BridgeDB seem to be getting more difficult
-------------------------------------------------+-------------------------
 Reporter:  alison                               |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/BridgeDB               |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  anti-censorship-roadmap-november,    |  Actual Points:
  s30-o22a2                                      |
Parent ID:  #31279                               |         Points:  5
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30-must
-------------------------------------------------+-------------------------

Comment (by phw):

 Let's use this ticket to coordinate the future of BridgeDB's CAPTCHA.
 BridgeDB currently uses [https://github.com/isislovecruft/gimp-captcha
 gimp-captcha] to generate CAPTCHAs.

 * We believe that the GFW maintains a bot (which, ironically, uses Tor)
 that is successfully crawling BridgeDB while maintaining a CAPTCHA success
 rate that easily outperforms people. Not only does our CAPTCHA harm
 usability (see also #10831), it also fails in the face of a real-world
 adversary.

 * Google provides a [https://developers.google.com/recaptcha/docs/v3
 reCAPTCHA v3 API], which returns an anomaly score in the interval [0, 1]
 for each request, without any kind of friction. Ignoring for now that this
 is a Google service, it may be an option for BridgeDB's HTTPS distributor
 but not for moat or email.

 * There is plenty of research on new CAPTCHA schemes, sometimes leveraging
 more complex domains like video or adversarial examples, which are meant
 to confuse classifiers. None of these systems seems likely to make a
 difference in the long term.

 We are in a particularly difficult situation because our CAPTCHA needs to
 work for a highly diverse set of people.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24607#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #31974 [Applications/Tor Browser]: Nothing in the app menu seems to work on macOS
Next by Author: Re: [tor-bugs] #32135 [Circumvention/BridgeDB]: Write BridgeDB metrics parser and analyse existing data
Previous by thread: Re: [tor-bugs] #32116 [Applications/Tor Browser]: Fix tor-browser's .mozconfig so that ./mach configure succeeds on Linux by default
Next by thread: Re: [tor-bugs] #24607 [Circumvention/BridgeDB]: CAPTCHAs on BridgeDB seem to be getting more difficult
Index(es):
- Author
- Thread