Delivery-Date: Wed, 30 Mar 2016 16:19:26 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A8DAF1E0D00;
	Wed, 30 Mar 2016 16:19:24 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 7242437E10;
	Wed, 30 Mar 2016 20:19:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id AF03B2472B
 for <tor-talk@lists.torproject.org>; Wed, 30 Mar 2016 20:19:16 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id B1EcvCCj-ymT for <tor-talk@lists.torproject.org>;
 Wed, 30 Mar 2016 20:19:16 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 38EFB243B9
 for <tor-talk@lists.torproject.org>; Wed, 30 Mar 2016 20:19:15 +0000 (UTC)
Received: from [192.168.2.60] ([99.190.181.188]) by mail.gmx.com (mrgmx002)
 with ESMTPSA (Nemesis) id 0MHHZT-1aYwN21lMh-00E46r for
 <tor-talk@lists.torproject.org>; Wed, 30 Mar 2016 22:19:11 +0200
To: tor-talk@lists.torproject.org
References: <20160330132105.GA8024@lapsedordinary.net>
 <20160330150151.GD3164@riseup.net>
From: Joe Btfsplk <joebtfsplk@gmx.com>
Message-ID: <56FC34BD.9070808@gmx.com>
Date: Wed, 30 Mar 2016 15:19:09 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20160330150151.GD3164@riseup.net>
X-Provags-ID: V03:K0:fFDS6UwNE0PaWfgrxJohjaaiCPLuIX/IElpmPorraF3lyI4TN/a
 r05LeJOvA6G+ApfXfcE5yxhC0pTct3zZjlDcFhBNUAgmNHGzXX00BvvKD9uwSFN+h+oyMSu
 QSzJ1pdUNAG8KxILB4jUbl6Fh3cnjSfjwsX4j8dl2A4XwLgXFhlJcFukcXGlEkVOaHGVLgF
 vKusGz7OvauZh9e+gHVhw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:BFXlg+j9whM=:d+gpSsgy/+4LkjXz8m2xIU
 M8W8fdbtIZQTjhOebxOQKt+F55OeQGPOpjpZ7vuukz2JgRn7U1GL88C9qAA6ttDjsvbKBJZf2
 1k6gl6ixJmeMqEbEPcC/qBkoeoAck5kK/Aa6fn6dxWhF2/Tc/WvTGbMHLXs8fIoe8AwFInJuD
 6NTZxog17i1B6D+GBUUFBzMTmWlQo+XBBzvDUvCdN0PJcxLQyqIEAf8fptBG9q3LYvrgVLfmg
 K/7h7OmT42EODunV+NZBLFOM5O5ogzyCCawzy9oEn3KlTRgWSka7BuXzPI6r78MSjS/5IThgE
 Bn8zE6CopxdVA+s3LOMJLYK8uiSvxZmYd8e19H/8ayhANCPhpKCdpw4uxsP5x7kvB3e5fj2p8
 O39q7+daIB/5xpDAOLRBYEcuSEZIJ+mKpim7NY0qmVrsiFAtztRfaF0T6OenTh9fZ4ZhcbuKQ
 u/KGvqbu5pOWs5/LUAONYzq/ERijw89zY+pPzqnRYBEAXq4gWCXgFdPvypwIqRUtkm+GnvNEv
 GmiK/Q7evwCcjrlyqazZttA4+/YW1SBjR7prmpnctv8MCw7mCRHASC/YAWiDCLiphjeKnK+aA
 HoXQ3VUwK+FhYfuydXPm7YitCwFsBC1l03tCBjkWuBQCHy8bK57fR1uOymKjkAPpAPe49cfA2
 YRBIcGGxnyNgTs+8Zwfi7lZAaPRfkSdLZta3DgVeVLKTLsN2Mt4S/N+hed5lZjnVpRlZ4NHOj
 8QXXAdhKhDYBgXf5313O9K0rVVvRD8hy1CanWkZ9xknNemW37PcXbtyh/eZTm78jhwKrq61Qd
 LUBGi2N
Subject: Re: [tor-talk] CloudFlare blog post
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 3/30/2016 10:01 AM, Philipp Winter wrote:
> I also wonder how effective your CAPTCHAs really are. Deep learning 
> techniques suggest that bots are about to become just as good, or even 
> better, at solving CAPTCHAs than people. Therefore, I wonder if a long 
> term solution should also center around the question if the 
> distinction between people and machines is still meaningful. 
The bots couldn't be much worse at solving some sites' captchas than me.
Can't get worse than 0% success (on some sites).

I'm not so sure on some sites, they're not just jacking w/ TBB users.  
Sometimes, when the solution is quite clear, it reports entries as wrong 
- multiple times.
When that happens a couple of tries, I just leave - assume they don't 
want me (Tor) there.  In TBB or Firefox, if it's not a "must see" site, 
I often immediately close the tab when cloudflare captcha shows.

While on other sites, I get right in w/ TBB - sometimes when captchas 
are difficult.  Of course, you have to allow JS & sometimes a few 
trackers besides the site & Cloudflare (it seems).
Most sites make money off the trackers.  If the trackers can't follow 
TBB users from site to site (per their business model), what incentive 
do the sites have for allowing TBB users?
Or why would the trackers pay sites for the traffic due to from TBB, 
when they can't gather the same valuable data as avg users in unhardened 
browsers?
For sites worried about making $, it makes perfect sense to me why they 
wouldn't want TBB users taking resources.

At times, Cloudflare or some sites may say, "Gee, whiz - we're not 
blocking TBB intentionally.  We're working on a solution."
But I don't buy that  100%.  It's possibly just a politically correct 
excuse vs. saying, "We can't track you around the globe / make $, so we 
don't want you taking up bandwidth or other resources (like site tech 
support, etc.).

And for all the other sites that don't use Cloudflare (or other 
unsolvable captchas), but don't block TBB, if _"90+% of all Tor traffic 
attempts something malicious_," then how in the world do all those sites 
stay in  business / stay up & running?  Unless hackers have vendettas 
against only certain sites or high value targets, which is why they hire 
Cloudflare in the 1st place.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

