On Wed, Mar 16, 2016 at 03:22:46PM -0400, Michael StJohns wrote: > And lest anyone think I'm skimming over the whole reason for using > Tor: One reductio ad absurdum thing to do (extreme pain) would be > to require Captcha for *all* accesses to the IETF web pages - e.g. > ignore the evaluation of perceived threat from the querying site and > make all of us share in the pain. The other one would be to remove > Captcha for all. I don't think either of these passes the smell > test. Why not? I've already pointed out (upthread, with references) that captchas have no defensive value. Zero. None. They're snake-oil. Pretending that they will actually stop a modestly-determined, modestly-resourced attacker is foolish. *If* there is a need for defensive measures, and if there is, I'd like to see that need qualified and quantified, then fine: let's use some of the defensive mechanisms that have been shown to work *and* which don't impede access by the impaired/disabled, by Tor users, by those with Javascript turned off, by those using alternate browsers or command-line programs, etc. ---rsk