On 1 Oct 2016, at 05:08, Joe Btfsplk wrote:
> When the distorted characters were as legible as my writing, it always says
> there was an error - please repeat. Especially Google & Cloudflare. A few
> others may have been more Tor friendly.
> But use Firefox on the same sites - if the right scripts are allowed & not
> too much blocked, and it's almost always success the 1st time.
> I'm not sure if their reasoning is, if it's just impossible to solve, there's
> less chance of someone trying crash their site, than if they say right off,
> "You're using Tor - go away."
Watching the thread that leads up to this message puts me a little in mind of
the Seligman experiments[1] on "learned helplessness" - but with a critical
difference:
The similarity is that a series of jolting user experiences have led to a
mythology springing up:
"this is what we observe, therefore this is how the world must work, and it
must be intended to be working this way because nothing else makes sense and no
other explanation is forthcoming" -
…which leads the the sort of posting that Joe posts above, essentially that
some evil gods named Google and Cloudflare have, do and are, arranging for the
websites of the internet to be hostile to people who need or want use Tor, by
throwing lightning-bolts called CAPTCHAs at them.
The difference is that - as I tried to outline in an earlier posting - all the
CAPTCHAs and so-forth are *not* caused by some bunch of omniscient corporate
scientist-gods who are systematically applying electric shocks to dissuade
people from using Tor, nor indeed is there any kind of permanent and invariant
"logic" to the CAPTCHA behaviour which by ritual (enable this, disable that,
pray harder, give up Javascript for Lent) will remediate the problem.
(Aside: It's also not typically about Tor users "crashing the site".)
Instead unlike the Seligman experiments, all these CAPTCHA-shocks are mere
side-effects of a hodge-podge of code and network configuration, changing
weekly or daily as it gets poked and prodded by systems-administration people
who are prettymuch-the-same-as-you, their intention being to defend:
- access to their website, and
- the data that the people uploaded to it
…from robots, scrapers and "bad" people who hide[2] amongst the "good" or
"needful" people who use Tor.
The long-term solution is not to get caught up in a homebrew religion
discussing "how to get access to whilst it is defended by a
capricious multi-headed olympian monster named CAPTCHA". The long-term solution
is the much harder and slower one of politely making the systems administrators
aware that you "would really like to use Tor to access [their] website, please".
I'll admit that this does not help someone who is stuck with the first-order
challenge of:
"I need to get into to read my e-mail **tonight**"
...but I believe it will be easier to bear, address, and eventually fix if one
stops thinking that CAPTCHA is the order of the universe, and instead that
"clearly some person at is not aware that I want to use Tor to access
their site, perhaps it's hard for them to accommodate my wants but if I reach
out to them, maybe they can whitelist Tor exit nodes, or something."
The CAPTCHA "shocks" don't need to happen to you - or at least not all the
time. A few are okay, that's what they are there for. Try to have a nice
conversation with the actual human beings who run or represent the sites you
want to access. Be aware (and unwavering!) that their security mechanisms
_can_ be tweaked and adapted - but also understand that the mechanisms are
actually there for a probably-good purpose, and you're caught up as a side
effect of using the same software that "bad people" also use to scrape their
website.
"But hey, isn't that the story of the entire Internet?" :-)
This is how to foster change.
- alec
--
[1]https://en.wikipedia.org/wiki/Learned_helplessness
[2]for some sites it's entirely possible that there are fewer "good" people who
use the site over Tor, than there are "bad" people scraping it, leading to a
kind of "hostage" situation. One way to break that deadlock is to ask site
owners to set up an official "onion" site, which - for exactly the same reason
of "lack of awareness" - the scrapers are less likely to use, but still
enabling the "good" people. One of my personal side-projects is to document
precisely how cheap and easy it is to do this, because "a cheap and easy fix"
is an attractive proposition.
--
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk