Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:Identifying the user?? (Score 5, Informative) 54

To be specific, let me quote the spec:

The current Cloudflare CAPTCHA simply places a cookie allowing you to access the website. Since Cloudflare controls the origins, it could currently correlate user sessions across multiple circuits using these cookies. This is a gap in the Tor Browser threat model- the design explicitly ignores linking within a session by malicious first parties, but Cloudflare has effectively first-party control over a large proportion of the web.

Our design is an improvement over this state of affairs. Since the CAPTCHA service only sees blinded nonces, Cloudflare cannot link a CAPTCHA solution session to a given redemption request. Since each token is used only once, in contrast to a cookie, the tokens themselves cannot be used to link requests.

Comment My Chrome must-haves (Score 1) 195

AdBlock Plus.
HTTPS Everywhere.
Desktop Notifications for StackExchange.
Chrome extension source viewer (allows examining extensions and apps without installing them).
Kicktraq (shows funding graphs embedded in the header of Kickstarter page)
RSS Subscription Extension + The Old Reader Notifier (disclosure: I maintain that one)
A few self-written extensions for Fallen London browser game.

Slashdot Top Deals

Receiving a million dollars tax free will make you feel better than being flat broke and having a stomach ache. -- Dolph Sharp, "I'm O.K., You're Not So Hot"