Comments on: Using Tor Users to Solve CAPTCHAs http://www.computerdefense.org/2008/03/using-tor-users-to-solve-captchas/ Sharing my thoughts with the world. Mon, 26 Jul 2010 03:10:24 -0400 http://wordpress.org/?v=2.8.5 hourly 1 By: George http://www.computerdefense.org/2008/03/using-tor-users-to-solve-captchas/comment-page-1/#comment-160116 George Mon, 07 Jun 2010 02:11:35 +0000 http://www.computerdefense.org/2008/03/23/using-tor-users-to-solve-captchas/#comment-160116 I'm not really sure if this discussion will help my issue or not, but I'm having problems with encountering captchas while using anonymizers for IP masking and anonymous web browsing. The captcha is invisible it cannot be typed into the captcha box because it cannot be seen and whatever you needed to do when you needed to type the captcha suddenly comes to a halt because the anonymizer apparently cannot process it. While i have not tried Tor yet I have had this problem with every proxy, anonymizer, and IP masker I have used so far. Is it a general failing common to all such programs? Can Tor help to solve this issue? I'm not really sure if this discussion will help my issue or not, but I'm having problems with encountering captchas while using anonymizers for IP masking and anonymous web browsing. The captcha is invisible it cannot be typed into the captcha box because it cannot be seen and whatever you needed to do when you needed to type the captcha suddenly comes to a halt because the anonymizer apparently cannot process it. While i have not tried Tor yet I have had this problem with every proxy, anonymizer, and IP masker I have used so far. Is it a general failing common to all such programs? Can Tor help to solve this issue?

]]> By: Richard http://www.computerdefense.org/2008/03/using-tor-users-to-solve-captchas/comment-page-1/#comment-77544 Richard Tue, 20 Jan 2009 09:10:04 +0000 http://www.computerdefense.org/2008/03/23/using-tor-users-to-solve-captchas/#comment-77544 As i read in an <a href="http://www.amirharel.com/2008/03/captcha-is-broken_22.html">early post</a> about it, spammers use porn-network to break captcha. As i read in an early post about it, spammers use porn-network to break captcha.

]]> By: tyler_regul5659 http://www.computerdefense.org/2008/03/using-tor-users-to-solve-captchas/comment-page-1/#comment-77398 tyler_regul5659 Mon, 19 Jan 2009 14:20:06 +0000 http://www.computerdefense.org/2008/03/23/using-tor-users-to-solve-captchas/#comment-77398 @Eric, <br /> <br /> Thanks for the details... I never meant to imply that it was a flaw in Tor... I was simply discussing a cool concept. <br /> <br /> The captcha to relay mail is actually very interesting... I would love details if you go ahead with any testing of that. @Eric,

Thanks for the details… I never meant to imply that it was a flaw in Tor… I was simply discussing a cool concept.

The captcha to relay mail is actually very interesting… I would love details if you go ahead with any testing of that.

]]> By: Eric http://www.computerdefense.org/2008/03/using-tor-users-to-solve-captchas/comment-page-1/#comment-77403 Eric Mon, 19 Jan 2009 14:20:06 +0000 http://www.computerdefense.org/2008/03/23/using-tor-users-to-solve-captchas/#comment-77403 Tor does not "protect" against this. In fact, tor provides a mechanism that makes this easy for endpoint operators. I redirect all port 80 traffic to a squid transparent caching proxy in order to reduce the amount of bandwidth tor uses. It would be trivial to modify squid to insert captchas before returning web pages. <br /> <br /> This is not a flaw in tor. It all comes down to the fact that tor onion routers are all run by volunteers who are free to place any conditions they like on the use of their servers. They can require you to verify captchas, solve math problems, play door games, or anything else before they let your traffic through. They can stop running tor servers entirely if they want to. <br /> <br /> In fact, this gives me a constructive idea. Tor normally blocks outgoing connections to port 25 to prevent spammers from hiding in the tor network. But if exit nodes were able to force users to verify a captcha before relaying mail, endpoint operators could safely open that port. Hmm... Tor does not "protect" against this. In fact, tor provides a mechanism that makes this easy for endpoint operators. I redirect all port 80 traffic to a squid transparent caching proxy in order to reduce the amount of bandwidth tor uses. It would be trivial to modify squid to insert captchas before returning web pages.

This is not a flaw in tor. It all comes down to the fact that tor onion routers are all run by volunteers who are free to place any conditions they like on the use of their servers. They can require you to verify captchas, solve math problems, play door games, or anything else before they let your traffic through. They can stop running tor servers entirely if they want to.

In fact, this gives me a constructive idea. Tor normally blocks outgoing connections to port 25 to prevent spammers from hiding in the tor network. But if exit nodes were able to force users to verify a captcha before relaying mail, endpoint operators could safely open that port. Hmm…

]]>