On Wed, Mar 16, 2016 at 03:22:46PM -0400, Michael StJohns wrote:
And lest anyone think I'm skimming over the whole reason for using
Tor: One reductio ad absurdum thing to do (extreme pain) would be
to require Captcha for *all* accesses to the IETF web pages - e.g.
ignore the evaluation of perceived threat from the querying site and
make all of us share in the pain. The other one would be to remove
Captcha for all. I don't think either of these passes the smell
test.
Why not? I've already pointed out (upthread, with references) that
captchas have no defensive value. Zero. None. They're snake-oil.
Pretending that they will actually stop a modestly-determined,
modestly-resourced attacker is foolish. *If* there is a need for
defensive measures, and if there is, I'd like to see that need qualified
and quantified, then fine: let's use some of the defensive mechanisms
that have been shown to work *and* which don't impede access by the
impaired/disabled, by Tor users, by those with Javascript turned off,
by those using alternate browsers or command-line programs, etc.
---rsk