Wave goodbye to CloudFlare Captchas: Cloudflare Privacy Pass lands
If you connect to the Tor network or VPN services regularly, you may have noticed an increase in CloudFlare captcha challenges whenever you are connected to these networks.
Depending on which sites you visit, to which network you are connected, and how the site is configured, you may need to solve captchas quite often, and sometimes on any page you open on that particular site.
This is obviously not desirable as you spend more time solving captchas than browsing the site in question.
I reviewed the Firefox add-on CloudHole back in 2016 which promised to reduce the number of CloudFlare captchas by storing user agent and clearance cookie information so that they may be reused in future challenges. The extension is still available, and it appears to work just fine.
Cloudflare Privacy Pass
Cloudflare Privacy Pass is an official extension for Firefox and Chrome that has been designed for the same purpose. The browser extension uses a different system though, as it takes advantage of CloudFlare's Challenge Bypass Specification.
The specification "has been developed to allow bypassing challenge pages using signed tokens that guarantee anonymity to the user". Basically, what it is designed to do is reduce the number of challenges that are thrown on devices connect to the Tor network or VPN services without leaking identity information.
Cloudflare Privacy Pass works silently in the background for the most part. It lets you bypass CloudFlare challenges pages if a valid solution has already been submitted during the session.
The extension generates cryptographically "blinded" tokens that are signed by Cloudflare's edge when a CAPTCHA is solved. These tokens are "unblinded" and stored by the extension for future use; they are redeemed automatically when a future challenge page is seen. The "blinding" procedure means that signed and redeemed tokens are cryptographically unlinkable from Cloudflare's perspective and, as such, are suitable for usage in conjunction with external anonymity measures (such as Tor/VPNs).
The extension is available for Firefox and Google Chrome. It installs fine in the Tor Browser, but I'm not 100% sure it works in that browser right now as it is provided as a WebExtension.
While it installed fine, I had trouble getting any site to throw a captcha while using the Tor browser (go figure).
Anyway, if you use Tor or a VPN regularly and are exposed to an ungodly number of challenge captchas, you may want to give this extension a try as it may help reduce the number of captchas per browsing session significantly.
Update: The extension has been pulled. Privacy Pass is a new extension that offers similar functionality.Advertisement