Cloudflare just announced its support of Privacy Pass, a challenge-response protocol designed to avoid repetitive CAPTCHAs-solving for anonymous users, while using Zero-Knowledge Proof to prevent the possibility of distinguishing each user, to acquire both convenience and anonymity.
It is developed in collaboration with researchers from Royal Holloway and the University of Waterloo. https://blog.cloudflare.com/cloudflare-supports-privacy-pass/ https://blog.cloudflare.com/privacy-pass-the-math/ What does the Tor community think about it? Could it be a possible solution to the Tor-CAPTCHAs problem? My own opinions, 1. Any 3rd-party extensions harm the anonymity of Tor Browser, don't install the Privacy Pass plugin to your Tor Browser. 2. It only supports Cloudflare. Something like this could be a general and standardized protocol. So we could get rid of Cloudflare CAPTCHAs, Google CAPTCHAs, you-name-it website CAPTCHAs altogether. And we can integrate it in our browsers and servers. 3. Even if this protocol is integrated in Tor Browser, after clicking "New Identity", all local data will be erased. Considering this feature is frequently used by Tor users, we still need to solve some CAPTCHAs. Anyway, the Cloudflare-CAPTCHAs problem won't go away in the visible future, though Privacy Pass may be a possible improvement. 4. Perhaps a good solution for now, can be a campaign, asking sysadmins to whitelist Tor users from their Cloudflare's firewall rules. Yes, you can give Tor users a free pass unconditionally for your website on your Cloudflare panel. If it's not practical to do it for some websites, one can also change the stupid CAPTCHAs to an less-disturbing automatic JavaScript challenge, so it's hard to give an excuse for not doing anything. It's a effective solution, we just need to ask people to do it. This functionality is not well-known and many sysadmins are ignorant about it. Perhaps a campaign website with a name like whitelist-tor.org can help, we can put introduction and instructions and arguments about Cloudflare whitelisting. So users can persuade the website to do it, sysadmins can be educated, etc. I can host the website for the community, if there are people who wish to join to design the web-page and write the text. What is your opinions about Privacy Pass, CAPTCHA problem and my proposal? Bob. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk