Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cloudflare Ends CAPTCHAs For Tor Users (zdnet.com)

Posted by msmash on from the how-about-that dept.

Cloudflare announced on Monday a new service named the "Cloudflare Onion Service" that can distinguish between bots and legitimate Tor traffic. The main advantage of this new service is, said Cloudflare, that Tor users will see far less, or even no CAPTCHAs when accessing a Cloudflare-protected website via the Tor Browser. A reader writes: The new Cloudflare Onion Service needed the Tor team to make "a small tweak in the Tor binary," hence it will only work with recent versions of the Tor Browser -- the Tor Browser 8.0 and the new Tor Browser for Android, both launched earlier this month. Tor users have been complaining about seeing too many CAPTCHAs when accessing a Cloudflare-protect site for years now. In February 2016, Tor Project administrators went as far as to accuse Cloudflare of "sabotaging Tor traffic" by forcing Tor users to solve CAPTCHA fields ten times or more, in some cases.

Cloudflare responded to accusations a month later, claiming the company was only showing CAPTCHAs because 94 percent of all Tor traffic was either automated bots or originating from malicious actors. Half a year later, in October 2016, Cloudflare started looking into methods of removing CAPTCHAS for Tor users. Their first foray was the Challenge Bypass Specification and a Tor Browser extension, but that project didn't go too far, and has been eventually replaced by the new Cloudflare Onion Service today.

4 of 50 comments (clear)

  1. Re:Sounds great by AmiMoJo · · Score: 2

    TOR is secure, within the limitations of what it is designed to do.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. CAPTCHA is still in place! by laie_techie · · Score: 2

    CAPTCHA is just a test to distinguish between bots and humans. CAPTCHA does not need to be images of swirled words. It sounds like Cloudfare has developed a CAPTCHA which isn't even visible to the end user (yeah!).

    1. Re:CAPTCHA is still in place! by acvh · · Score: 2

      CAPTCHAs are actually training for AI image and pattern recognition software. So I anticipate that soon there will be bots that can solve them as easily as we can.

  3. Re:Godamn CAPTCHAs by Opportunist · · Score: 3, Funny

    Since they're fairly predictable (it's always 3 "correct" images, each re-validating 2-3 times) I wonder whether it wouldn't be faster to write a bot for it, requesting the page a few dozen times and randomly "solving" the pictures...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.