1. I've tried JS on and off, in Tor Browser, and in a proxied stock firefox.
2. No. It's a crapshoot. Sometimes it does, but about >75% of the time, it goes into CAPTCHA loops.
3. There's plenty of things that could be done to alleviate this issue :
One, they could set up their own .onion service, and redirect TOR users to it. And that would rate-limit any potential TOR-user based damage.
Two, since sessions are per TCP, just slow the TCP down accordingly. That's standard practice for things like tarpits and the like.
Three, there's no need for CAPTCHAs on a HTTP GET, if not done in a harassing manner. But this basis is on being in a "Bad IP list". POSTs are a whole different story.
2. No. It's a crapshoot. Sometimes it does, but about >75% of the time, it goes into CAPTCHA loops.
3. There's plenty of things that could be done to alleviate this issue :
One, they could set up their own .onion service, and redirect TOR users to it. And that would rate-limit any potential TOR-user based damage.
Two, since sessions are per TCP, just slow the TCP down accordingly. That's standard practice for things like tarpits and the like.
Three, there's no need for CAPTCHAs on a HTTP GET, if not done in a harassing manner. But this basis is on being in a "Bad IP list". POSTs are a whole different story.