pfm: .plan, site map, about

CloudFlare, CAPTCHAs and Privacy Pass

I’ve been using Orbot for some time and I’m quite fond of it, but there’s one thing that bothers me: some companies (like CloudFlare) abuse the fact that the list of Tor exit nodes is public and use it to block any access from that network. The result is annoying: one tries to access a website and is faced with several CAPTCHAs to solve.

At the bottom of one of such pages, I’ve noticed a suspicious hint to install Privacy Pass, an add-on that implements client-side of a CAPTCHA redemption mechanism. The other part is of course server-side software and CloudFlare supports it.

The idea that I should install some add-on to access websites via Tor appears wrong to me, but who am I to decide? So I’ve done some reading. This is how Tor project’s members react to this idea:

The idea that Tor users should be forced to install arbitrary software to comply with the wishes of Tor-blockers is wrong, wrong, WRONG in principle.

Furthermore, CAPTCHA is not solving any real problem here in the first place. So there’s no point in asking people to waste their time on CAPTCHAs or install weird add-ons. The only reasonable solution is for CloudFlare to stop serving those CAPTCHAs.

So please, do not install this add-on. Just leave the page that expects you to stare at pictures of traffic-lights and buses and read what you were going to read elsewhere.

This work by Piotr Mieszkowski is licensed under CC-BY-SA 4.0