[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On Wed, Oct 5, 2016 at 8:11 AM, Alec Muffett <alec.muffett@xxxxxxxxx> wrote:
> a) I like the idea of Google giving you "one free search" and from that
> trying to determine whether you are an "asshole" after which it lightens up
> with the oppression
That's fine, if implemented well, because the 'one free' is the
same as 'account creation', everyone gets a chance, then
there's other metrics applied after you're in to continually
evaluate further addition / subtraction of oppression.
> the challenge here is that "one free search" is easily
> exploitable by the "League of Assholes" who will create a vast army of
> "apparently-noob-non-assholes" and aggregate across their free searches in
> order to perform the scraping/searching/spamming that they desire. (Yes,
> even search results are interesting to scrapers, eg: using the Google cache
> to mine e-mail addresses from some third-party website which provides open
> access to GoogleBot but not to normal people.)
In this example, 1 free search across all exit nodes, then captcha'ing all
subsequent searches... well that would be 1000 searches total, and no more,
ever. And that 1000 somehow a giant crush upon googles infrastructions? No.
Yes, you can't do 1 free as the *only* defense layer.
If google continally checked the session as first above, combined
with an initial captcha, then this isn't really a problem. Of couse
only one method would be insufficient. So it doesn't work that way.
But as implemented...
How about when google throws captcha, you solve
it, and accept their cookie... you're now human.
Now get a new ip, or wait some time, or search for random
stuff / strings at human speed... all with the same cookies,
and they throw captcha again or worse, flat deny all further search
to your existing cookies.
"Our systems have detected unusual traffic from your computer network."
Ok, sure maybe you loaded your cookies into your bot.
But I doubt your bot looks very humanlike.
And you're probably not going to cost effectively pay some
third world army of humans to keep solving hourly captchas
and reloading the cookies into your bot.
I'd question google on the captcha issue, at least the sensitivity.
Among other issues.
https://www.google.com/finance?q=goog
Tor / Anon is a genuine impact to that and their PhD's?
If so, a google presentation and fora on that would
be quite interesting to see and discuss.
Perhaps if they put 1/1000th of what they put into
developing their html email, emojis, fonts, default top
post, whacked interface and threading, oh and say
SMS and datamining their users...
there would be no issues for people here to bring up.
Since you can pound away, exactly as above, as a human,
on "finance" searches and not seem to trigger a lockout,
appears you humanbots must be valuable to them there.
Oh well.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk