David Conrad <drc@xxxxxxxxxxxxxxx> wrote Tue, 16 Sep 2014 09:14:56 -0700: | On Sep 16, 2014, at 8:34 AM, Fred Baker (fred) <fred@xxxxxxxxx> wrote: | > On Sep 16, 2014, at 4:52 AM, Linus Nordberg <linus+ietf@xxxxxxxxx> wrote: | >> It seems like www.ietf.org is behind CloudFlare: | >> ... | >> This is sad because it's now not possible to visit the site without | >> accepting JavaScript. At least if you get selected for solving a | >> CAPTCHA. Tor users is one group of users who are selected. | | I believe a client gets thrown to a CAPTCHA when the source IP address | is identified with a threat/attack of some sort in order to ensure | there is a human behind the client. In as much as sites behind Tor are | used to originate attacks, it isn’t too surprising that they get | redirected to a CAPTCHA. I hear about other CloudFlare customers who's users don't have to solve CAPTCHA's in order to access their site. Can it be some sort of setting that the customer is in control of? What are IETF's settings? | As for it being sad, I see it as a reasonable tradeoff in today’s Internet. I see few reasons for not falling back to not using JavaScript for serving a CAPTCHA. There might be other reasons for requiring JavaScript that I'm not aware of. It would be pretty great if IETF, as a CloudFlare customer, would ask if it's possible to serve content to people not executing JavaScript. How can I help? <snip> | Regards, | -drc | (full disclosure: I used to work for Cloudflare a few years ago) (full disclosure: I work for Tor now and then)