
Except solving reCAPTCHA shouldn't be necessary in order to read a website. I get (though still don't like) the justification for any modification actions, but GETs shouldn't ever trigger a reCAPTCHA check.

Of course, the Tor folks told the CloudFlare folks about this many years ago and CloudFlare still acts as a giant censorship machine and continues to block anonymous users from reading content on the internet. Not to worry though -- you can install their extension[+] to "protect your privacy" to bypass the reCAPTCHA that CloudFlare themselves erected in front of other people's websites! It's definitely not in any way comparable to an arsonist selling fire insurance as a side gig -- at least with fire insurance you actually got something out of the exchange!

[+] Which does have a paper that explains the security of the cryptosystem, but a single paper does not make a protocol secure by default. I'm not a cryptographer, but the Tor folks did raise some concerns in the issue where PrivacyPass was discussed, and there's no doubt that combining Tor with a system that is nowhere near as battle-tested should be a major point of concern.




Many site operators try to spend the absolute least amount of money on servers, so it's common for simple "GET request spam" DDOS attacks to take down a website (especially on dynamic, DB-driven sites). CF in this situation is helping these site owners take the easy road and recaptcha DDOS attacks instead of scaling up servers or having to implement smart caching strategies.


Let me present an alternative framing: A business doesn't have to allow you to access and use its content in any way you would prefer to access and use it. Part of the bargain of the web is you get a lot of content for free at your fingertips because someone else is paying for the servers. Right now that's mostly ad money because it's simple to add and doesn't require companies to change their content much. Ad blocking, tracking blocking, and anonymizers are all circumventing the funding model that makes a lot of the web possible.

Do I wish there was an alternative to aggressive ads and tracking? Hell yes. Do I want to pay every website individually for what I view? Nope, and companies don't either because it would massively hurt their growth for people coming in new.


I don't know why you're talking about online advertising. People use Tor for a wide variety of reasons, many of which are completely unrelated to whatever business model the target website has. In addition, my comment was about CloudFlare (a MITM) putting reCAPTCHA on other people's websites -- I don't see how advertising is even slightly related to that topic.

I would argue a "better" framing designed to emotionally manipulate would be "why are you trying to block people in oppressive regimes from being able to read about the outside world and organise themselves, putting them in danger of being murdered by their government"? But it would be dishonest to make the discussion about "why do you want to kill people", just as it is dishonest to make the discussion about website business models.


CloudFlare isn't just going around randomly putting their caching/filtering in front of websites; they're choosing to have it there, though. The sites are choosing it.

Advertising is related here because of recaptcha's use of tracking, primarily used for advertising, as a factor in determining their score for users, and also because blocking ads/tracking is part of the cause behind people's issues with recaptcha.


It is also problematic when you wish to use external download managers (which I always do).



