Tor users will not get Captcha Challenges anymore on Cloudflare protected websites

Cloudflare have launched a new service called “Cloudflare Onion Service” that differentiates between bots and legitimate Tor traffic. The important advantage of the new service is that Tor users will not get any CAPTCHAs when using a Cloudflare protected websites through the Tor Protocol.

The new Onion Service requires the Tor Team to make a small tweak in the Tor Binary to make it compatible with the latest version of Tor browser 8.0. The new Tor Browser for Android was launched earlier this month.

If you are a user of Tor the Browser you might have been experienced Google reCAPTCHAs when accessing a Cloudflare protected website, however now with the new Onion Service that will not be the case. However websites will need to tweak their code to take advantage of this feature.

The new Cloudflare Onion service is free for all the users of the Cloudflare platform and can be easily enabled by just switching the “Opportunistic Encryption” option on using the Crypto Tab in the Cloudflare dashboard.

Over time users of the Tor browser may have become restless since Google reCaptchas keep showing up constantly on websites. Administrators have also entered into an argument with Cloudflare since the service is sabotaging Tor Traffic asking users to solve the Captcha fields ten times or more in some cases.

Cloudflare has responded to all  accusations over a month by saying that most of the Tor’s traffic is either automated by Bots or the traffic originates from malicious actors.

Since Oct 2016 the company started working on methods to remove Captchas for Tor users by implementing methods such as Challenge Bypass Specification, however the project seems so far to have failed.

There has also been a blog post about how the Cloudflare team have used this feature with a Custom Proxy Header with HTTP/2 to create the Cloudflare Onion that is able to differentiate between “good” and “bad” Tor Browser users by only allowing only the good Tor Traffic to flow to the Cloudflare network sites.

Take your time to comment on this article.

Related posts

Opera Browser Vulnerability Could Allow Exploits Via Browser Extensions

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin