Less CloudFlare captchas with Privacy Pass - gHacks Tech News

Less CloudFlare captchas with Privacy Pass

Privacy Pass is a new browser extension for Mozilla Firefox and Google Chrome to reduce the number of captchas that legitimate users get when they access CloudFlare protected properties on the Web.

CloudFlare protects a large part of the Internet, and that is why the company's captcha solutions designed to determine whether a visitor is a human or a bot are found on many different sites.

The current system throws a captcha at users regularly when they visit different sites. It is not a "prove once that you are human and you are done" kind of system.

Privacy Pass is not the first browser extension of its kind. The browser extension CloudHole came out in 2016, and while it is still available for Firefox, it has not been updated for nearly a year.

A more recent extension is Cloudflare Privacy Pass. It was based on the challenge bypass specification, and while it has been pulled, Privacy Pass appears to use the same interface and icon.

Challenge Bypass Extension

privacy pass

Challenge Bypass Extension is available for Firefox and Google Chrome. The extension works on websites using a "blind signature" protocol, and reduces the number of captchas that are shown to users by gaining tokens when completing captchas that are spent to pass future challenges.

The "blinding" procedure means that signed and redeemed tokens are cryptographically unlinkable from the server perspective and, as such, are suitable for usage in conjunction with external privacy measures (such as VPNs).

Privacy Pass has been developed by members of the Royal Holloway University of London, and the University of Waterloo.

Cloudflare supports Privacy Pass currently, and clients get 30 signed tokens for each captcha that is solved in the browser while the extension is enabled.

This reduces the number of captchas displayed to users significantly, and is probably most appealing to users who connect to VPN networks, Tor, or are assigned IP addresses with bad track records.

Privacy Pass stores data locally that relates to the created tokens. The extension adds an icon to the browser's toolbar that lists a -- somewhat broken -- interface right now listing the number of available passes (before another captcha needs to be solved). The "get more passes" link opens the project's site on GitHub, and the only other option is to clear the available passes.

Check out the FAQ for additional details.

Closing words

Privacy Pass improves web browsing for Internet users who run into CloudFlare captchas regularly. Tor users are probably prime candidates for the extension, but certain VPN IP addresses and regular  IP addresses may throw captchas fairly regularly as well.

Summary
software image
Author Rating
1star1star1star1stargray
5 based on 1 votes
Software Name
Privacy Pass
Software Category
Browser
Landing Page




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. TelV said on November 10, 2017 at 2:48 pm
      Reply

      Don’t like the sound of that sentence, “Privacy Pass stores data locally that relates to the created tokens”. Presumably the data will have to be retained which implies a forthcoming privacy issue if it can be used to track users.

      1. Pants said on November 10, 2017 at 3:28 pm
        Reply

        https://privacypass.github.io/protocol/

        > Scenario 7: “This is basically our scheme”

        So they have worked around the following problems
        – scenario 1 – Linkability
        – scenario 2 – Malleability
        – scenario 3 – Redemption hijacking
        – scenario 4 – Tagging
        – scenario 5 – only one redemption per issuance
        – scenario 6 – Bandwidth

        Although this is not finished, the DLEQ needs more work from the quick scan I did. I am also not an expert :)

        I did however, find absolutely no privacy policy on github nor AMO

        1. TelV said on November 10, 2017 at 4:04 pm
          Reply

          Well, that’s good news at least. I don’t come across that many captchas, but I installed the extension anyway to see how it performs.

    2. Jimmy said on November 11, 2017 at 2:43 pm
      Reply

      hasn’t been updated for a yer but we def need to publish an article about it to encourage ppl use it.. Go Germany!

    3. TelV said on November 30, 2017 at 5:03 pm
      Reply

      Well, that was shortlived: https://imgbox.com/Qy4LQvpk

    4. Kal said on December 14, 2017 at 12:34 am
      Reply

    Leave a Reply