If you connect to the Tor network or VPN services regularly, you may have noticed an increase in CloudFlare captcha challenges whenever you are connected to these networks.
Depending on which sites you visit, to which network you are connected, and how the site is configured, you may need to solve captchas quite often, and sometimes on any page you open on that particular site.
This is obviously not desirable as you spend more time solving captchas than browsing the site in question.
I reviewed the Firefox add-on CloudHole back in 2016 which promised to reduce the number of CloudFlare captchas by storing user agent and clearance cookie information so that they may be reused in future challenges. The extension is still available, and it appears to work just fine.
Cloudflare Privacy Pass is an official extension for Firefox and Chrome that has been designed for the same purpose. The browser extension uses a different system though, as it takes advantage of CloudFlare's Challenge Bypass Specification.
The specification "has been developed to allow bypassing challenge pages using signed tokens that guarantee anonymity to the user". Basically, what it is designed to do is reduce the number of challenges that are thrown on devices connect to the Tor network or VPN services without leaking identity information.
Cloudflare Privacy Pass works silently in the background for the most part. It lets you bypass CloudFlare challenges pages if a valid solution has already been submitted during the session.
The extension generates cryptographically "blinded" tokens that are signed by Cloudflare's edge when a CAPTCHA is solved. These tokens are "unblinded" and stored by the extension for future use; they are redeemed automatically when a future challenge page is seen. The "blinding" procedure means that signed and redeemed tokens are cryptographically unlinkable from Cloudflare's perspective and, as such, are suitable for usage in conjunction with external anonymity measures (such as Tor/VPNs).
The extension is available for Firefox and Google Chrome. It installs fine in the Tor Browser, but I'm not 100% sure it works in that browser right now as it is provided as a WebExtension.
While it installed fine, I had trouble getting any site to throw a captcha while using the Tor browser (go figure).
Anyway, if you use Tor or a VPN regularly and are exposed to an ungodly number of challenge captchas, you may want to give this extension a try as it may help reduce the number of captchas per browsing session significantly.
Update: The extension has been pulled. Privacy Pass is a new extension that offers similar functionality.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.