These captchas are a great pain for Tor users, who are often presented with them on all websites protected by CloudFlare.
It would be greatly appreciated if the code used for the paper were released, even better if it's in the form of a Firefox extension and submitted to the Tor Browser maintainers for inclusion in the default install.
CS papers don't usually publish code, given that the code is usually research quality (read: built for a specific hypothesis, usually hard to port and generalize). Technically speaking the implementation for the code is given in the paper, which means someone could definitely build it. You also don't really want a tool like this for botters in an easily accessible form.
Actually, I think he/she does want this easily-accessible to bot creators. And I think I do, too. Because it might escalate the captcha war perhaps to something besides CloudFlare's awful policy of forcing Tor users to complete a handful of captchas every time we load a page. I don't have a lot of faith that CloudFlare would do something to improve the user experience, but I am fairly certain they would do something to reduce their internal operating costs (don't serve pages to tor users without captcha completion, don't respond to DNS ANY queries, only use SSL to the nearest edge location, etc). For those of us tired of completing tons of CloudFlare's Tor captchas, I eagerly await something that ends up costing CloudFlare more to maintain the captchas than it's worth. Such as, for example, bot creators being able to circumvent the captchas easily. CloudFlare could just turn off Tor access, but they're not afraid of the impact of their technical decisions. And there will probably eventually be some way around that, too. That's the nature of an arms race.
This is one of the most disappointing points about research. They write code and then don't release it as free software. Sure, it isn't "production ready" but if you don't provide the code you wrote then someone will have to waste time reimplementing it.
Holding onto code gives researchers a competitive advantage over other researchers when performing follow up papers. I'm not saying this is a good thing, rather this is something to be aware of.
Also, the burden of proof is usually on someone to disprove a paper, rather than proving it, so having someone reimplement it (possibly in another, but similar, manner) allows a fresh pair of eyes at the research topic.
9 comments
[ 3.3 ms ] story [ 19.4 ms ] threadIt would be greatly appreciated if the code used for the paper were released, even better if it's in the form of a Firefox extension and submitted to the Tor Browser maintainers for inclusion in the default install.
Also, the burden of proof is usually on someone to disprove a paper, rather than proving it, so having someone reimplement it (possibly in another, but similar, manner) allows a fresh pair of eyes at the research topic.
Slides: https://www.blackhat.com/docs/asia-16/materials/asia-16-Siva...
Notes: https://www.blackhat.com/docs/asia-16/materials/asia-16-Siva...
Source: https://www.blackhat.com/asia-16/briefings.html