The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?
That’s hardly the Turing Test I’d expected.
Cloudflare has a bot score. Depending on how sus your bot score is you can use several different levels of verification. The checkbox you refer to is kind of in the middle. There is also a more complicated intrusive captcha and a totally transparent javascript. It’s a pretty slick system.
I like that when I’m on tor browser with VPN behind it they’re like “Yeah, cool, go on through”
Don’t mix tor plus VPN.
If you’re using tor browser without tor for some reason, carry on.
So, turn off my VPN that’s always running before I use the tor browser?
There are two ways to layer a VPN and tor:
In the first option, you gain little. Tor already encrypts your traffic, so your ISP can’t see inside them. Technically, Tor over a VPN hides the fact that you’re using Tor from your ISP, but Tor’s snowflake does something similar if you need that.
In the second option, you’re revealing your VPN account information, which could theoretically be associated back to you. Tor adds nothing over just a VPN in this case.
So really, “no value in mixing,” which is distinct from “don’t mix.”
The latter implies a security risk could be created.
The risk of mis-ordering your layers is a security issue.
If you’re using tour vpn at the system or network level, and tor at the browser level, is there a risk of mis-ordering?
A security risk is created, you’re creating a permanent guard node by using your VPN with TOR. A lot of people downplay how serious this can be against a dedicated attacker. Sure, it may not matter for most, but for those with the right threat model, it will.
So VPN first then Tor is ill advised for this, or only the reverse? What is the potential attack in running Tor while on VPN?
Why?