Delivery-Date: Mon, 22 Jun 2015 10:38:00 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id CE3D71E0428;
	Mon, 22 Jun 2015 10:37:58 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 000CA3543B;
	Mon, 22 Jun 2015 14:37:53 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 562DB352D8
 for <tor-talk@lists.torproject.org>; Mon, 22 Jun 2015 14:37:50 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id teAzanFOYYU1 for <tor-talk@lists.torproject.org>;
 Mon, 22 Jun 2015 14:37:50 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 10DA934F39
 for <tor-talk@lists.torproject.org>; Mon, 22 Jun 2015 14:37:49 +0000 (UTC)
Received: from localhost ([185.95.23.86]) by mail.gmx.com (mrgmx101) with
 ESMTPSA (Nemesis) id 0LvQkh-1YzJOc3o95-010Zod for
 <tor-talk@lists.torproject.org>; Mon, 22 Jun 2015 16:37:46 +0200
Date: Mon, 22 Jun 2015 16:36:19 +0200
From: =?utf-8?B?w4dhxJ/EsWwgUC4gxZ5lc3Rv?= <secpost@abwesend.de>
To: tor-talk@lists.torproject.org
Message-ID: <20150622143619.GA20787@localhost.localdomain>
References: <5584E032.6060001@gmx.com>
 <1434800149.26545.13.camel@larsluthman.net>
 <558621B3.7000403@gmx.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <558621B3.7000403@gmx.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Provags-ID: V03:K0:5w0yzVGmc2mjPYKVbyzfd54yBCEvXvMtWCn/S8NFV52GSBYrmNE
 4XVmkayS7VuwnFIpKsN6t0jGr1CziFA/JmvQGz+rRQJ1FYxG7OMMwG9NbKWga/ugj/nSbqI
 dC6S+1ZlqQDDFtOWaT4rr7RUuXafohNklA7cHncfuCuAE9+/mg4+ycR/D7AEB9sSuFzRgjB
 Dv8cxs/Q3jnwoesJsfA+Q==
X-UI-Out-Filterresults: notjunk:1;V01:K0:hdwGlh3wuDA=:KgfNPK07d9it+syyKXmmMc
 axLJqceEv3cvvNbyTY/GdU4pt695uOmcw8wfUN+5xUBLl09X3trEDqp+a8umJinztKZjYIrkg
 WdhRrVF+1mYUJPnmWpZ0DQMKbu/w95C9VWboxweSMHHrf9enymMSSShjvtehyCaMHzDJ1nHkJ
 QgbcjobpkRV6GQjHPVZzM2hzcy4Yz9vgbnuqjp5lIasFViEa0rR1yJ4lr7tST+ggt4h9dKlKO
 QNSzLLusyttpLNcvQ22vOU7kOWr8ZqADWJlzBpbzeAU2r7eOI5uAE8ydtuHPTolxE5YKOLx6h
 8pXoesNbfC9ervyzuReCF05G803KH2n0+eSFJWwGVFeZ/9FIKSQ1pzOIctMXykQWbtetoYuMm
 gQRMoUE24ggUdeyR8G8Q9K8vSSupiXnDGWrx7f/DE9ik3VUrjXsyEwwHePHnE9J4pAmSJX4ML
 6dxlpUQy7f6Zz/W7kd/GNuhzcTNuGhlMP4clGa+Ut1lCNLgsppTnPabfCpGVXvCcDWDMF6tQO
 I2AWQQvI3NBE8RwVBcsv70bDF01PJa+8TFGO/Y2TkZvSfpr8011zapITn4Y67zziO3QGhuEaM
 8fa9yznv2m2FKVwTcnfKj0Qxwm0poKE8MdLPmEzJ/rdj1Vm6jNG5ZG+2OVygf2wdCqPokhNd3
 j35sK1H9WjUCHkCNi9MI16YAg3g0OSiNdA5GhQSxBZlnq6P5i8/vj4w1c8MuqHzEU010=
Subject: Re: [tor-talk] do Cloudfare captchas ever work?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Sat, Jun 20, 2015 at 09:30:11PM -0500, Joe Btfsplk wrote:
> Just to clarify (to all that replied) - I have JS enabled.  At least, 
> when trying to get captchas to work.
> Then, I'm using Tor Browser's default settings for NoScript.

My observations and conclusions:
- two captchas, both unreadable : the tarpit for robots, you usally
  don't get other captchas until you turn js on.
- two captchas, one readable, one unreadble : the original captcha
  approach as seen in recaptcha (it is considered broken since 2010).
- one captcha (usally parts of google streetview): they consider you
  human, you usually need javascript to get those (easy to ocr).

> in a "well behaved" European country.

I wouldn't count on that.

> Other times when Cloudfare didn't work, I didn't always think to check, 
> to see if there's any pattern to Cloudfare not working & specific exit 
> relay countries.

I don't think it helps much to change exit nodes, you may need to clear your
filesystem cache and cookies too (or not). Someone who abuses exitrelays just
tries one after another until he succeeds. Could be worth to automate
TBB and check. Most services which try to detect abuse automatically use
blacklists and/or signatures/fingerprints.

If you like to understand captchas better see:
https://www.google.com/recaptcha/intro/index.html 

There are some papers from 2005 and 2010 were captchas got ocr'd and
broken. Adam Langley had some more information on his blog, some of
it got lost, somehow.

A cdn like clouldflare can track you very easy over various exits, tor 
currently has 1115 relays that are exits, its possible to mark all of them
"malicious" on a blacklist-providers sensor in 15-30 minutes.

You may also see messages like:
Your IP address *.25.103.* has been flagged as a scanner. Scanners
are not permitted. If you are seeing this message in error, please
contact security@*********.io.

And that says it all:
- its not my ip :)
- you can't flag an ip :)
- I am not a scanner :)
- I won't contact them - BTDT :)

Even if I would contact them, all I can tell them, its not my ip and
their assumptions are all false and their service is prone to false
positives.

As said earlier, if the site you are visiting is one of a kind, it may
be worth your time to talk to them and about cloudflare, usually they
are not interested.

Reddit gives a good example, how to treat tor-users.

CC;DR - Cloudflare captcha, didn't read.

Anyway, funny is pirates are using cloudflare too, I consider them busy
until they solve that problem. :)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

