Dear web developers and admins,
please stop embedding Google's hideous #ReCaptcha into your websites. Its algorithm is faulty, forcing regular users to click dozens or even hundreds of fire hydrants, bicycles, or traffic lights each day. It puts a 'suspicious activity' flag on users who won't obey to Google's business model - such as people who don't sign into Chrome, use anonymity VPNs, or use browser extensions to suppress common tracking mechanisms. Enough is enough. Stop it.

Follow

@kernpanik
Please. If you must, Cloudflare's captcha is much more Tor-friendly.

@miklo
Exactly.

@Senicar
There is so much wrong w/your comment. If you're logged into #Google, the #reCAPTCHA pushes fewer puzzles. Of course that tracking abuses #privacy & defeats the reason for using #Tor, but #CloudFlare is a bigger threat to Tor users than Google. No one who is informed & groks privacy visits CF sites. Also, #hCAPTCHA *pays* CF for CAPTCHA solutions, so you financially feed the biggest Tor adversary when you solve an hCAPTCHA.

@kernpanik

@koherecoWatchdog Jesus dude, drop your guns for a moment. This is why I don't tweet.

I said "if you must," Cloudflare's captcha provides a much better UX for Tor users. If I'm (or my less tech savvy and privacy conscious relatives) trying to access a site over Tor and my choices are Google or Cloudflare, at least Cloudflare will let me through with less hassle. A hidden service is ideal, as is a website that truly respects privacy, but perfect is the enemy of good here w/r/t adoption of Tor.

@koherecoWatchdog Trying to de-google and de-cloudflare my life is a constant uphill battle. I try to run everything to Tor too, and it's exhausting. I can't even get my wife to use ad-blocking DNS (it breaks Facebook, you see 🙄), much less the access point I set up that routes everything through Tor, or a privacy respecting OS.

@koherecoWatchdog "No one who is informed & groks privacy visits CF sites."

How does one know if a given site is CF-backed or not?

@vesperto if you use a browser other than Tor Browser on Tor, a #CAPTCHA will block you from most #CloudFlare sites. Regardless of Tor, you can hit F12 & in the network tab click on a file. If "cf-ray" appears in the headers then it's a CF site. Some plugins signal when a site is CF.

@vesperto The "CloudBleed" plugin signals when you visit a CF website. There's a "bcma" plugin that will detect when you try to visit a CF site & auto redirect you to the archive.org version of that page. This project keeps track of the massive list of privacy-abusing #CloudFlare sites: git.fuwafuwa.moe/you/stop_clou That's also where you can find the BCMA plugin.

@vesperto For anti-CF plugins, have a look here: git.fuwafuwa.moe/you/stop_clou The "ismitmlink" plugin looks for #CloudFlare links on the page you visit and puts a strikethrough over the link so you know before you click a link if it leads to CF.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.