CAPTCHAs have effectively protected websites from harmful bots and various types of spam for years. They are an internet commonplace. For Tor users, however, the number of CAPTCHAs presented to the user becomes debilitating. Tor users have routinely voiced complaints about the number of anti-robot puzzles presented to them.
CloudFlare, however, has defended their use of CAPTCHAs, stating that 94% of requests from the Tor network are malicious. When a user browses the internet using Tor, they are assigned the IP address of the Tor exit node. Many users, and bots, use the same exit node. Differentiating between concurrent legitimate and malicious requests coming from the same IP is no easy task.
Consequently, some form of filtering needs to be done to protect the website being travelled to.
In March 2016, CloudFlare implemented a step in what some consider the right direction. Website owners using CloudFlare as a CDN were given the option to whitelist all incoming Tor traffic. However, in whitelisting all such traffic, the site essentially becomes vulnerable to everything the CAPTCHA would detect and prevent.
Some sites began to utilize this configuration. DeepDotWeb whitelisted every Tor exit node and