Blind signatures to limit the number of CAPTCHAs presented to Tor users.
Solving the Cloudflare
Solving the Cloudflare CAPTCHA
Don’t click the post!
CAPTCHAs are actually hard
● Social class
Define “house” or “storefront” for everyone?
What’s a Cloudflare?
Tor Browser obscures these signals
Why do we serve CAPTCHAs?
Mostly, IP reputation of the Tor exits
Prior attack sightings lead to poor reputation
Thus, traffic from exits gets a CAPTCHA
Tor users get a lot of CAPTCHAs
Feel the love
It’s getting better!
Blocking innocent Tor users is a problem
What we’ve tried
● Intentionally blacklisted the office IP reputation
● reCAPTCHA v2 (which backfired - sorry!)
● Customer sites can whitelist Tor network as a “country”
● Altered the internal treatment of Tor traffic
● … some clever crypto thing?
We need to meet security requirements of both Cloudflare and Tor Browser
● CAPTCHA solutions allow a finite number of subsequent redemptions
● Unlinkable tokens
● Don’t require persistent client state / disk storage
● Resists farming
● Resists double-spend with minimal server state
● Relatively efficient server computations
Look, a clever crypto thing!
Blind signatures for rate-limiting
Tor Browser plugin + an edge service
User solves a CAPTCHA and submits many blinded tokens for signing
Later, unblinds and submits a token instead of solving CAPTCHA
Users solve only one challenge per N websites visited
Tokens are unlinkable, work cross-domain over multiple circuits unlike cookies
Maintains Tor Browser’s strong first-party isolation
Boring, reliable old Chaumian RSA plus elements from Google’s macaroons - not
trying to innovate in algorithms
But really- RSA?
● Suggestions welcome! But it must be practical to deploy in a browser
● BLAC/BLACR (pairings? in a browser?)
● “Algebraic MACs and Keyed-Verification Anonymous Credentials”
● This is generalizable to VPNs and carrier-grade NAT
Deanonymization: does this create new vectors?
Stockpiling: how do we limit token farming?
Exhaustion: how to stop a malicious site from draining tokens?