Re: [tor-talk] How to (Was: Tor and Google error / CAPTCHAs.)

2016-10-03 Thread Joe Btfsplk 

On 10/1/2016 12:36 AM, Alec Muffett wrote:


…which leads the the sort of posting that Joe posts above, essentially that 
some evil gods named Google and Cloudflare have, do and are, arranging for the 
websites of the internet to be hostile to people who need or want use Tor, by 
throwing lightning-bolts called CAPTCHAs at them.

If the intent is to say Google & other sites are trying to protect 
themselves & their users at all costs - point taken - in part.
If you're trying to sell that Tor isn't blocked because it's Tor, 
that'll be a hard sell.


If you're trying to defend Google and their colleagues' wonderful, law 
abiding, privacy respecting, above board track records and philanthropic 
endeavors, you're on the wrong list.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] How to (Was: Tor and Google error / CAPTCHAs.)

2016-09-30 Thread Alec Muffett 
On 1 Oct 2016, at 05:08, Joe Btfsplk  wrote:
> When the distorted characters were as legible as my writing, it always says 
> there was an error - please repeat.  Especially Google & Cloudflare.  A few 
> others may have been more Tor friendly.
> But use Firefox on the same sites - if the right scripts are allowed & not 
> too much blocked, and it's almost always success the 1st time.
> I'm not sure if their reasoning is, if it's just impossible to solve, there's 
>  less chance of someone trying crash their site, than if they say right off, 
> "You're using Tor - go away."

Watching the thread that leads up to this message puts me a little in mind of 
the Seligman experiments[1] on "learned helplessness" - but with a critical 
difference:

The similarity is that a series of jolting user experiences have led to a 
mythology springing up:

"this is what we observe, therefore this is how the world must work, and it 
must be intended to be working this way because nothing else makes sense and no 
other explanation is forthcoming" -

…which leads the the sort of posting that Joe posts above, essentially that 
some evil gods named Google and Cloudflare have, do and are, arranging for the 
websites of the internet to be hostile to people who need or want use Tor, by 
throwing lightning-bolts called CAPTCHAs at them.

The difference is that - as I tried to outline in an earlier posting - all the 
CAPTCHAs and so-forth are *not* caused by some bunch of omniscient corporate 
scientist-gods who are systematically applying electric shocks to dissuade 
people from using Tor, nor indeed is there any kind of permanent and invariant 
"logic" to the CAPTCHA behaviour which by ritual (enable this, disable that, 
pray harder, give up Javascript for Lent) will remediate the problem.

(Aside: It's also not typically about Tor users "crashing the site".)

Instead unlike the Seligman experiments, all these CAPTCHA-shocks are mere 
side-effects of a hodge-podge of code and network configuration, changing 
weekly or daily as it gets poked and prodded by systems-administration people 
who are prettymuch-the-same-as-you, their intention being to defend:

- access to their website, and 

- the data that the people uploaded to it

…from robots, scrapers and "bad" people who hide[2] amongst the "good" or 
"needful" people who use Tor.

The long-term solution is not to get caught up in a homebrew religion 
discussing "how to get access to  whilst it is defended by a 
capricious multi-headed olympian monster named CAPTCHA". The long-term solution 
is the much harder and slower one of politely making the systems administrators 
aware that you "would really like to use Tor to access [their] website, please".

I'll admit that this does not help someone who is stuck with the first-order 
challenge of:

  "I need to get into  to read my e-mail **tonight**"

...but I believe it will be easier to bear, address, and eventually fix if one 
stops thinking that CAPTCHA is the order of the universe, and instead that 
"clearly some person at  is not aware that I want to use Tor to access 
their site, perhaps it's hard for them to accommodate my wants but if I reach 
out to them, maybe they can whitelist Tor exit nodes, or something."

The CAPTCHA "shocks" don't need to happen to you - or at least not all the 
time. A few are okay, that's what they are there for. Try to have a nice 
conversation with the actual human beings who run or represent the sites you 
want to access.  Be aware (and unwavering!) that their security mechanisms 
_can_ be tweaked and adapted - but also understand that the mechanisms are 
actually there for a probably-good purpose, and you're caught up as a side 
effect of using the same software that "bad people" also use to scrape their 
website.

"But hey, isn't that the story of the entire Internet?" :-)

This is how to foster change.

- alec

--

[1]https://en.wikipedia.org/wiki/Learned_helplessness

[2]for some sites it's entirely possible that there are fewer "good" people who 
use the site over Tor, than there are "bad" people scraping it, leading to a 
kind of "hostage" situation.  One way to break that deadlock is to ask site 
owners to set up an official "onion" site, which - for exactly the same reason 
of "lack of awareness" - the scrapers are less likely to use, but still 
enabling the "good" people. One of my personal side-projects is to document 
precisely how cheap and easy it is to do this, because "a cheap and easy fix" 
is an attractive proposition.

--

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk