How are you supposed to get passes? #97
Comments
|
My suspicion is that CF sometimes switches on and off this "feature", so only some people get passes. Which decreases an already miniscule anonymity set, making this invention a bad idea for anonymity purposes. But if you can't get any other internet, and captchas are killing you, maybe try tunneling your out-point elsewhere, or use a different DNS service, to maybe get this challenge-bypass working. The possible variables for when it works or not so far include the above, plus time of day and moon phase. |
|
Jump on a VPN and select an exit node that is in a generally less trusted region (read: where a lot of spam originates from) and it should trigger the captcha on https://captcha.website. India worked for me. Alternatively, connect to the TOR network, and I'm pretty sure that should trigger the captcha as well. It needs you to solve a real-life CF-hosted captcha to replenish the passes automatically. It would be beneficial if CF could always trigger the captcha on said website, but I can think of a few reasons why they don't want to do that. The solutions above worked for me, and I have 60 passes in Privacy Pass now. Not that I'm in any region that needs it, but it's nice to have those when you travel and/or use VPNs. Edit: grammar |
|
As @tommienu mentioned, the reason that the CAPTCHA website doesn't show is that it is currently configured in such a way that it requires manually enabling for each geographic region. Their solution should work in terms of getting a Cloudflare CAPTCHA page to show. This issue was also mentioned in #25 so I am going to close this one as a duplicate to keep the issue stack clean. Add a comment to that issue if you are still unable to get to a CAPTCHA page using a VPN/Tor.
@sesam This is categorically untrue, as you say Privacy Pass would have no utility if the anonymity set of users is very small. I'm happy to discuss with you why you think this, but if your suspicion solely arises from whether there is a CAPTCHA page shown on https://captcha.website, then this is purely a geographic concern. |
|
Why isn't the captcha shown to everyone? And why is this not clearly mentioned in the FAQ? I get a captcha challenge for several Cloudflare websites, so not sure why I should use Tor/VPN. |
https://captcha.website simply provides a mechanism for acquiring passes by simulating a challenge page. As I said the limitations in the configuration of the website means that the CAPTCHA is sometimes not shown for certain regions. We're working on a more robust procedure.
If you're seeing challenges for Cloudflare websites then you don't need to use https://captcha.website, Privacy Pass should generate passes when you complete them. See the wiki for the expected workflow: https://github.com/privacypass/challenge-bypass-extension#development |
|
For now it's quite clear that users need more hand-holding and clearer info
on whether the extension works as expected. Maybe the extension could have
some status on whether the user is currently in a "passes not needed"
network configuration, to avoid more of these potentially "false" bug
reports.
|
|
@sesam Happy to review PRs if you think this sort of thing would be useful. I'm currently working on other stuff, so I will probably not get around to doing anything like this myself anytime soon. |
|
One PR done :). Also, I just made a QT movie: https://www.dropbox.com/s/c3jbbihetombyo1/getting-30-privacy-passes.mov?dl=0 (2 MiB) |
|
@sesam It's not a "false bug report" and users don't need more hand-holding or QT movies. The entire issue is that going to captcha.website does not prompt to solve a captcha, even when tickets are zero, as you can clearly see in my screenshot. Not sure how a movie showing them something that doesn't happen is supposed to help. |
|
@ozupey I didn't mean it the way you might have understood me (oops). In your case, surely you (like me) have so far been using a "good WIFI", i.e. you connect from a region that won't get a CAPTCHA anyway. I'm proposing to include this important detail in PR #100 Some use-cases for a video is to show how it typically works. Then even if you're on a network connection that never gets a CAPTCHA, you can use the the movie to see and show how the extension works. Say, if you want to explain it to your grandma who has a CAPTHA-filled network back home :) |
|
@sesam Understood. I do get plenty of CAPTCHAs on sites that have their security settings configured as such. Most likely they're using "I'm under attack!" or a firewall rule configured to challenge certain visitors. I think as long as captcha.website is configured to give everyone a challenge, most of the confusion and issues will be gone. |
|
👍 I'm also thinking the captcha.website should have a tiny focused content, so instead of showing the project page content there, it would be better to say something like "You're good! You're either on a network connection that don't need to do CAPTCHAS, or you just solved one. If you used the Privacy Pass extension, click it to check if you have and have spent a pass. And have a nice day!" |
I read reports of having to solve a captcha on https://captcha.website/ - but I've never been presented with any captchas. I can get captchas by going to sites using Cloudflare, but solving those doesn't get me any passes.
The text was updated successfully, but these errors were encountered: