People who want to browse the web with anonymity using the Tor network are having problems with too many CAPTCHAs that they encounter before gaining access to a site.

CAPTCHAs are the simple security tests or puzzles that are set to prove that the user is indeed a human being and not a robot or software. CloudFlare is the content delivery company behind these restrictive CAPTCHAs.

Your TOR usage is being watched
However, there is a good news for Tor users, this experience may soon be a thing of the past.

CloudFlare announced that they are formulating a way for anonymous Tor users to gain access to websites without in inconvenience of solving CAPTCHAs.

HISTORY OF TOR AND CLOUDFLAREtor-visitor-challenged

The Tor network was developed and is operated by the Tor Project. This is a non-profit organization that deals with the development and distribution of free software to help people tackle online surveillance.


The idea behind the Tor network is definitely a noble one that serves human right defenders, diplomats, government officials, and other people who seek freedom from surveillance.

However, the network has always often been used to facilitate malicious and illegal activities.

As such, most content delivery firms including CloudFlare and Akamai block Tor users from accessing important websites.

This is of course, unfair to a percentage of Tor users who is using the network for perfectly lawful activities.

Tor users have been complaining about CloudFlare’s CAPTCHA system that treats each IP address as a single user.

They have also voiced their concern on CloudFlare’s failure to address the interest of the community to have a dialogue with regard to the issue.

Therefore, this recent announcement is a step that is favorable to Tor users.


These are the reasons why Tor users are annoyed by the seemingly simple CAPTCHAs, in many cases the system presents Tor users with a lengthy series of CAPTCHAs that often are very slow, or it seems like it’s on an endless loop. This is intentionally done so that a user may give up.

Sometimes, it will push the user to opt for unsafe browser, thus revealing their location and IP address.

This can be a big risk to some Tor users who need anonymity including human rights activists or those victims of domestic violence.

The ones that are affected the most are those users leaving in a country with a slow internet, that leads to a very negative experience.

This new reform that will be implemented by CloudFlare is a response to the widespread backlash that the firm has received on social media and other online platforms.

This CAPTCHA system has been called a discriminative censorship system on numerous occasions.

David Kaye, UN Special Reporter detailed this internet discrimination in a 2015 report where he affirmed that the Tor network is necessary for the freedom of expression despite its negative aspects.

It is important to note that this CAPTCHA system also affects mobile phone users. Android users with the Android version of Tor browser and Orfox, have also complained about CloudFlare’s endless CAPTCHAs.


CloudFlare has always been aware of this problem for at least three years already. Tor Project Developers claimed that they have discussed the matter with CloudFlare developers both online and in person for more than a year.

However, CloudFlare CEO Mathew Price stated that the firm has always been open to finding an amicable solution without compromising the security of their clients.

This announcement has been long overdue and could be just another strategy to delay the matter. According to CloudFlare authors, the firm aims to solve this issue by employing a system called the Challenge Bypass Specification.

Through this system, authentication tokens called nonces offered via a Tor browser plugin will eliminate the CAPTCHA problem while still protecting other sites from malicious users.

Malicious traffic that has always been automated will be unable to earn these tokens.

Provision of nonces by authentic users will enable anonymous access to important websites. Users will be able to earn a number of tokens for solving a single CAPTCHA.

CloudFlare claims that this feature is not unique to them. Other content delivery firms will be able to implement this with their own policies.

The single CAPTCHA for token option, is not a guarantee that you ca access all websites.

While this feature is still in the works, it will definitely reduce the inconvenience caused by the current security measures.

Source : darkwebnews

Categorized in Others

CAPTCHAs have effectively protected websites from harmful bots and various types of spam for years. They are an internet commonplace. For Tor users, however, the number of CAPTCHAs presented to the user becomes debilitating. Tor users have routinely voiced complaints about the number of anti-robot puzzles presented to them.


become-an-internet-research-specialistCloudFlare, however, has defended their use of CAPTCHAs, stating that 94% of requests from the Tor network are malicious. When a user browses the internet using Tor, they are assigned the IP address of the Tor exit node. Many users, and bots, use the same exit node. Differentiating between concurrent legitimate and malicious requests coming from the same IP is no easy task.

Consequently, some form of filtering needs to be done to protect the website being travelled to.


In March 2016, CloudFlare implemented a step in what some consider the right direction. Website owners using CloudFlare as a CDN were given the option to whitelist all incoming Tor traffic. However, in whitelisting all such traffic, the site essentially becomes vulnerable to everything the CAPTCHA would detect and prevent.

Some sites began to utilize this configuration. DeepDotWeb whitelisted every Tor exit nodeand encouraged other sites to follow suit. Unfortunately, this option did not catch on for the vast majority of websites. Many webmasters felt uncomfortable allowing every exit node the ability to bypass CAPTCHAs.

tor-whitelisted.pngCloudFlare, being the massive CDN and anti-DDOS company that it is, may have found a solution. This potential solution comes in the form of a recent update to the challenge-bypass-specification proposal on CloudFlare’s GitHub repo. In the update, CloudFlare notably points out that Tor users do face a disproportionate number of CAPTCHAs

CloudFlare’s acknowledgement of the difficulty CAPTCHAs present to Tor users:

While CAPTCHAs in themselves are supposed to be easily solvable for humans, Tor users are dealt a disproportionate amount of these challenges due to the regularity of Tor exit nodes being deal with poor IP reputations. This problem has been likened to an act of censorship against Tor users as these users are the most targeted by this protection mechanism. This problem also affects users of certain VPN providers and of I2P services.

In an effort to make Tor browsing more seamless, CloudFlare is proposing a form of blind signatures. “A blind signature is a cryptographic signature in which the signer can’t see the content of the message that she’s signing,” Brave developer Yan Xu points out.

Tor users would solve a single CAPTCHA and in doing so, be granted a predefined number of access tokens. These access tokens would allow the user to visit websites without being confronted by subsequent CAPTCHAs. However, without the concept of blind signatures, this implementation would be fundamentally contradictory to the anonymity Tor provides.


The spec explains how this protocol would be implemented in a way that would not impact a user’s web footprint. “First, it moves JavaScript execution into a consistent browser plugin (for use in TBB etc.) that can be more effectively audited than a piece of ephemerally injected JavaScript,” they detail. The writers continue “Second, it separates CAPTCHA solving from the request endpoint and eliminates linkability across domains with blind signatures.”

Tokens granted to the user following the solving of an initial CAPTCHA would not be without limitations. Every puzzle solved would provide tokens that would be useable for standard web browsing. The number of granted tokens would be too low for attacks and malicious requests. Furthermore, this would not change the “protective guarantees” that CloudFlare currently offers.


“We also leave the door open to an elevated threat response that does not offer to accept bypass tokens,” authors explain.

Ultimately, if this proposal gets implemented, it would mean Tor users would experience a much smoother browsing experience. They would face less CAPTCHAs while maintaining the same anonymity currently provided.

Source : deepdotweb

Categorized in Internet Privacy

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media