Opened 8 years ago

Closed 7 years ago

#5492 closed defect (fixed)

Talk to Google recaptcha team about BridgeDB's recaptcha-proxying strategy

Reported by: aagbsn Owned by: aagbsn
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords:
Cc: mikeperry, ioerror Actual Points:
Parent ID: #5481 Points:
Reviewer: Sponsor:

Description

BridgeDB proxies recaptcha requests for our users so that we don't leak their infos to Google.

We don't know how happy Google will be about this. It's possible that bridges.torproject.org could get blocked from the recaptcha API.

We could proxy the captcha requests through Tor, it would make bridges.tpo load slightly slower, but then the requests would just look like a Tor user had landed on bridges.torproject.org (from Google's perspective). That could be considered rude, and we don't want Google to start treating Tor users differently. Although this may already be the case, because some google searches over Tor are denied without even a captcha.

We could use a different captcha implementation.

As I already implemented recaptcha support and Google is responsible for making sure they keep working, we should talk to them first and see if the current implementation is acceptable before exploring other options.

It was suggested that Mike or Jake could provide an introduction.

This is the ticket to track the progress of this discussion.

Child Tickets

Change History (2)

comment:1 Changed 8 years ago by arma

Assuming we special-case the bots who are hitting bridges.torproject.org, I think there aren't actually that many requests coming in. So I agree that we should talk to Google about how to handle scaling up, but I think that shouldn't block initial deployment and testing.

comment:2 Changed 7 years ago by aagbsn

Resolution: fixed
Status: newclosed

After speaking to Google, they OK'd us proxying ReCAPTCHA.

Note: See TracTickets for help on using tickets.