CloudHole: make CloudFlare's I'm not a robot captchas appear less often
One of the disadvantages of connecting to a VPN or Tor is the dreaded "I'm not a robot" message that you get on every site you visit that uses CloudFlare.
An intermediary page is displayed to you that notifies you that there is "one more step" to complete before you can access the site you want to load in your browser of choice.
You need to check the I'm not a robot" box, and complete one or multiple captchas first before you are allowed to access the site you want to visit.
Cloudflare uses different types of captchas, for instance multiple choice ones where you need to select all matching items on an image map.
CloudHole
The main issue here is that you need to repeat the process on every site using CloudFlare, and sometimes even on the same site if you reload it.
I always wondered by CloudFlare would not make the system more comfortable by whitelisting an IP address for a certain amount of time after a user successfully confirmed to the service that an actual user was trying to access the site protected by the service.
The brand new Firefox add-on CloudHole attempts to do just that by storing user agent and clearance cookie when solving captcha codes so that they can be reused on other sites.
This add-on stores the user agent and clearance cookie when you solve a captcha, and re-uses it on other websites as long as it's still valid, easing the pain during your browsing session.
So, instead of having to go through captchas on every site while using a VPN or Tor, you only have to fill out some.
CloudHole cannot get rid of them completely but it can make the whole process more comfortable by reducing the number of captcha codes you need to solve.
The extension for Firefox ships with an API that allows users to share valid cookies which gets cookies from other users for use on your system.
You can click on the add-on icon to manage CloudHole API access and check out user agents, clearance cookie data and the API key.
Closing Words
The idea behind CloudHole makes sense. If you visit lots of sites throughout the day and get cookies for each that is using CloudFlare, you know how time consuming and annoying this can be.
CloudHole on the other hand does not resolve the issue completely but you will get less I'm not a robot prompts while using it.
If you don't feel comfortable using the API provided, disable the feature so that only locally saved cookies and information are used to improve the process.
ive never been able to get this extension to work, not 1 single time.
This captcha are not working for me at all !!
i dont know why maybe cloudflare blackliste my ip
but with Captcha v1 it work now nop
This seems to negate part of the reason why you use VPN/TOR. You use a unique identifier that can identify a single user doing things on the internet coming with traffic coming from different exit nodes.
Interesting. Thanks.
Useful add-on, but I have an easier solution: don’t visit the problematic site. This is seriously the only way for web admins to get the message that it’s not cool to block VPNs and TOR.
If they are so dumb to use something as ridiculous as those captchas, I doubt whether they’ll ever get the message…
I understand that people want to protect their sites against whatever dirt, my computer is protected, too. But let them at least use a minimum of intelligence and user-friendlyness. Last I met a captcha that actually worked, but in all other cases I encountered it just does not. No matter how correctly i solve them, they always come back telling that it’s not valid. There is even a site that does not even display anything to copy, so what would I be supposed to enter… ?
Besides debility, it also is not cool at all to welcome visitors with a dumb robot, especially not while they themselves want to keep robots out…
But yes, ignoring them is indeed what I use to do with such sites.
“Last I met a captcha that actually worked, but in all other cases I encountered it just does not”
Agree that captcha is not friendly to users, but never ran into one that “doesn’t work”.
The problem is usually a conflict with an adblocker like Adblock+ or uMatrix, forcing one to turn on scripts to get the captcha to even show up (lately, been seeing only the click box, but not the prompt to select images, or to retype the alphanumeric).
This extension will be a nice way to open scripts once for the captcha and closing them again for the session vs opening for each time a website requests it.
Really? Someone made an app for THIS, of all things?
That box is probably the most lenient reCAPTCHA around. It’s not like you have to solve some crossed out letters, or stare at an image with blurred numbers, or anything of that sort. Really? Clicking a box is too hard for you?
As a tor user, these captchas are honestly annoying and benefit nobody really. I shouldn’t have to re-enable javascript and make tor less secure, so I can do these stupid things to just read a news article.
Anybody that wants to create a tor-friendly non-js workaround for these abominations should do so, and tor users like me would donate to get and keep something like that going.
I don’t know how Google rates your identity, connection and country, but almost every time it is not just limited about simply clicking the box to be done. Often I have to solve one or two picture selections. Especially with proxies this is just ridiculous anyway how often it happens. So +1 for creative solutions like these. You need to think a little out of the box please. I was already shocked when I saw how many people on some forums gave stupid answers when I was looking up how to disable the charging LED on Android devices. They have insulted the original poster and said stuff like “just flip the phone”, and I was shaking my head when I had to read that… The same logic applies here too: Missing out of box thinking. They were not aware that people want to see notification lights when their device is charging. It could also be too bright at night when charging the device, but when there is an important message, of course you still would like to see the flashing LED. So with a ground-facing phone you won’t see it. Additionally, it can also save lifetime of the LED.
TL;DR: Don’t stultify solutions and ideas just because they seem not useful to >you<. Thanks.
Cool! Now spambots have a loophole they can exploit! Thanks, CloudHole!
Doesn’t work with the latest Tor Browser (based on Firefox 38.7).
CloudHole works with Firefox 45.0 and later.
The Tor Project specifically recommends against installing browser extensions:
https://www.torproject.org/docs/faq.html.en#TBBOtherExtensions
The bad part of a CAPTCHA is when it appears in a foreign language, since the IP of the Tor exit node is foreign. Other than that, I don’t mind so much.
Any idea when the Tor Browser will be updated to the new ESR base version?
If previous TOR version are any indication, then the EOL of the ver 38 ESR version so less than 12 weeks from now or when Firefox 47 is released. Then all ESR 38 installs will be updated to ESR 45.