Using Tor Users to Solve CAPTCHAs
A discussion elsewhere got me thinking about this, and some quick googling didn't turn anything up. If there are already write-ups on this, I would love if people could point me toward them.
Let's say that you are using Tor. When your traffic traverses Tor, it hits an end-point somewhere. That end-point knows that it is your end-point. Now, I'm a malicious individual... a spammer who needs CAPTCHAs solved. What do I do? I setup a Tor server and pass you my CAPTCHAs to solve. I don't believe it would be that difficult to inject CAPTCHAs into the mix. Your Tor connection comes into the server, but outbound HTTP passes through a proxy... this proxy is designed to display CAPTCHAs.
As I said, maybe this has already been discussed elsewhere, and maybe Tor even has protections against it. Either way, I'm really surprised that you don't hear about this more often. I've read about people paying to have CAPTCHAs solved... the only cost associated with this would be bandwidth. You could even expand on it to save bandwidth. A botnet deploys Tor across several thousand machines... these machines all forward the non-local HTTP traffic to "CAPTCHA proxies".
Since Tor users are accustomed to solving proxies for search engines and other big sites, they may not even notice these CAPTCHAs.
So let me know what you think... Thoughts, ideas, evidence of this, papers on this... it's all good.
@Eric,
Thanks for the details… I never meant to imply that it was a flaw in Tor… I was simply discussing a cool concept.
The captcha to relay mail is actually very interesting… I would love details if you go ahead with any testing of that.
Tor does not "protect" against this. In fact, tor provides a mechanism that makes this easy for endpoint operators. I redirect all port 80 traffic to a squid transparent caching proxy in order to reduce the amount of bandwidth tor uses. It would be trivial to modify squid to insert captchas before returning web pages.
This is not a flaw in tor. It all comes down to the fact that tor onion routers are all run by volunteers who are free to place any conditions they like on the use of their servers. They can require you to verify captchas, solve math problems, play door games, or anything else before they let your traffic through. They can stop running tor servers entirely if they want to.
In fact, this gives me a constructive idea. Tor normally blocks outgoing connections to port 25 to prevent spammers from hiding in the tor network. But if exit nodes were able to force users to verify a captcha before relaying mail, endpoint operators could safely open that port. Hmm…
As i read in an early post about it, spammers use porn-network to break captcha.
I'm not really sure if this discussion will help my issue or not, but I'm having problems with encountering captchas while using anonymizers for IP masking and anonymous web browsing. The captcha is invisible it cannot be typed into the captcha box because it cannot be seen and whatever you needed to do when you needed to type the captcha suddenly comes to a halt because the anonymizer apparently cannot process it. While i have not tried Tor yet I have had this problem with every proxy, anonymizer, and IP masker I have used so far. Is it a general failing common to all such programs? Can Tor help to solve this issue?