Delivery-Date: Tue, 23 Jun 2015 15:25:45 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A7A361E06C7;
	Tue, 23 Jun 2015 15:25:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 4519836554;
	Tue, 23 Jun 2015 19:25:40 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id F22D5364DD
 for <tor-talk@lists.torproject.org>; Tue, 23 Jun 2015 19:25:36 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id w6mKO7UEQaPq for <tor-talk@lists.torproject.org>;
 Tue, 23 Jun 2015 19:25:36 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id A7AE836497
 for <tor-talk@lists.torproject.org>; Tue, 23 Jun 2015 19:25:36 +0000 (UTC)
Received: from localhost ([77.109.139.87]) by mail.gmx.com (mrgmx002) with
 ESMTPSA (Nemesis) id 0LlESk-1YZnQr462I-00azNX for
 <tor-talk@lists.torproject.org>; Tue, 23 Jun 2015 21:25:33 +0200
Date: Tue, 23 Jun 2015 21:27:42 +0200
From: =?utf-8?B?w4dhxJ/EsWwgUC4gxZ5lc3Rv?= <secpost@abwesend.de>
To: tor-talk@lists.torproject.org
Message-ID: <20150623192742.GA752@localhost.localdomain>
References: <5584E032.6060001@gmx.com>
 <1434800149.26545.13.camel@larsluthman.net>
 <558621B3.7000403@gmx.com>
 <20150622143619.GA20787@localhost.localdomain>
 <JsSEPul----0@tutanota.de> <JsSQENd----0@tutanota.de>
 <CALogXGV2Su4My0EuU45d5CLSm-8CbgbBXPDAV69YBZ1FRQ652Q@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CALogXGV2Su4My0EuU45d5CLSm-8CbgbBXPDAV69YBZ1FRQ652Q@mail.gmail.com>
User-Agent: Mutt/1.5.23+89 (0255b37be491) (2014-03-12)
X-Provags-ID: V03:K0:gU0Cyc0HhfqIRQK5LeT7Uyp+HkEbyQPgtt/c8w2SOzd/zctHQ+x
 AFcBIUdyB5MwSrZAhopoQ8hY8Ojx7KvWl7QfKCHoQCqqELaYZP0X5PQSt4EbzrUpYgwYz08
 OSGzr8+RPYfeL6Cw1qoK3OPiIapEnJcUcMzQnniHrM6XcQKE0p0oSXQYYH9k55SGh4lGXzQ
 pdfGL3WdIu9FJemW6tb7A==
X-UI-Out-Filterresults: notjunk:1;V01:K0:x4MtElhiU18=:+58sb+VJ92WvPBe4179fBs
 QU5NMXB3Zqv8/I3W60mrzU7/dy7vJESLLbNCbH3NVM5GdlSPT1Pj39cn7D7CBp018z00FAvZ4
 TafXVpht11WUlLeZAayAgGo3ucEruVS6+V77BjwK/1/bGSwkEMrIrpeWVVvFzpyYaFpZSCWes
 4M2bm2stqadZlETff+57W6hJwVs5O0qFrF+J8Om53o8nZoRoNMGt04ZXvg/FDccLwvFHoiKSD
 0X3wQ1yocEJQ7xABWW8S+KS4jan28UffR13v6gUDBm5Y+EBzrRJGO3ceAzr8pu3NNgbqP3Nst
 1QzHPG87IlPQ7Bktr+1+aW1eUQEfWdIW16KGFu4xNWBc0igeUEllp0lOIP0VxeOuvSNWvx3xM
 8EQ8nZoeHJSEFs4e1CdXptNeYr3AoAAHy9Xfv6ZEj0p3V0eiy+UrIJ32JYe/qn7Z5/xIQsZoT
 /n91ryWzHVMkUPRmyTYGhAhG0GTqy4vhOL/RsKaNvctWFCdwVp8bHOEYjPhMFLibhmZx5gyur
 UX2lhghpU9g6+YAzgczTjEYvteb6jduM4I9b+Fi6Y62pXFTSa9T9SO36dIfUtv/MIcoCdyjHC
 Q4M9O0cscaaRFzDLwHkc9ifNtaYn2FvMgCnw9og5ciglU5WKFUTDjP3JkyHIRmHWbwvVX+JQl
 FX9M0wE94G318YD+UjD/PM5GHEaca+bbjB6m5LfT0SXe9+RUgm+hr6ZRaZUfHxzA3CZw=
Subject: Re: [tor-talk] do Cloudfare captchas ever work?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, Jun 22, 2015 at 06:53:23PM -0400, Mansour Moufid wrote:
> Sometimes I wonder if it's really Cloudflare, or some bad exit node
> running a CAPTCHA solving business.

If one doesn't use TLS that is a valid claim.

Since the captcha image delivery should originate from google with https in most
cases, you only need to redirect the cloudflare redirect, and since
cloudflare promotes and encourages TLS itself, it depends soley on the
tor user or the site participating in the cf-cdn using HSTS and CSP.

If you don't use TLS you may run into problems I mentioned earlier with
the privoxy filters and you are wide open to many scary injection and
XSS attacks.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

