CAPTCHAs have effectively protected websites from harmful bots and various types of spam for years. They are an internet commonplace. For Tor users, however, the number of CAPTCHAs presented to the user becomes debilitating. Tor users have routinely voiced complaints about the number of anti-robot puzzles presented to them.
CloudFlare, however, has defended their use of CAPTCHAs, stating that 94% of requests from the Tor network are malicious. When a user browses the internet using Tor, they are assigned the IP address of the Tor exit node. Many users, and bots, use the same exit node. Differentiating between concurrent legitimate and malicious requests coming from the same IP is no easy task.
Consequently, some form of filtering needs to be done to protect the website being travelled to.
In March 2016, CloudFlare implemented a step in what some consider the right direction. Website owners using CloudFlare as a CDN were given the option to whitelist all incoming Tor traffic. However, in whitelisting all such traffic, the site essentially becomes vulnerable to everything the CAPTCHA would detect and prevent.
Some sites began to utilize this configuration. DeepDotWeb whitelisted every Tor exit node and encouraged other sites to follow suit. Unfortunately, this option did not catch on for the vast majority of websites. Many webmasters felt uncomfortable allowing every exit node the ability to bypass CAPTCHAs.
CloudFlare, being the massive CDN and anti-DDOS company that it is, may have found a solution. This potential solution comes in the form of a recent update to the challenge-bypass-specification proposal on CloudFlare’s GitHub repo. In the update, CloudFlare notably points out that Tor users do face a disproportionate number of CAPTCHAs
CloudFlare’s acknowledgement of the difficulty CAPTCHAs present to Tor users:
While CAPTCHAs in themselves are supposed to be easily solvable for humans, Tor users are dealt a disproportionate amount of these challenges due to the regularity of Tor exit nodes being deal with poor IP reputations. This problem has been likened to an act of censorship against Tor users as these users are the most targeted by this protection mechanism. This problem also affects users of certain VPN providers and of I2P services.
In an effort to make Tor browsing more seamless, CloudFlare is proposing a form of blind signatures. “A blind signature is a cryptographic signature in which the signer can’t see the content of the message that she’s signing,” Brave developer Yan Xu points out.
Tor users would solve a single CAPTCHA and in doing so, be granted a predefined number of access tokens. These access tokens would allow the user to visit websites without being confronted by subsequent CAPTCHAs. However, without the concept of blind signatures, this implementation would be fundamentally contradictory to the anonymity Tor provides.
Tokens granted to the user following the solving of an initial CAPTCHA would not be without limitations. Every puzzle solved would provide tokens that would be useable for standard web browsing. The number of granted tokens would be too low for attacks and malicious requests. Furthermore, this would not change the “protective guarantees” that CloudFlare currently offers.
“We also leave the door open to an elevated threat response that does not offer to accept bypass tokens,” authors explain.
Ultimately, if this proposal gets implemented, it would mean Tor users would experience a much smoother browsing experience. They would face less CAPTCHAs while maintaining the same anonymity currently provided.