Since there was earlier discussion about a “specification for bypassing CAPTCHAs using blinded tokens” in this mailing list, I thought I would provide an update.
It seems that CloudFlare now has a “PrivacyPass" tool which implements just such a technology:
https://privacypass.github.io/
The tool is linked from CloudFlare’s CAPTCHA page. To see it for yourself, just create a clean Tor Browser session, then navigate to webmd.com (they see to be quite aggressive about blocking Tor users).
Also, the protocol the tool uses is in the process of being standardized:
https://datatracker.ietf.org/wg/privacypass/about/https://github.com/ietf-wg-privacypass/base-drafts
I’m not a cryptographer, but perhaps those who are could provide feedback. It would be great to see this succeed and thereby eliminate CAPTCHAs from many websites.
-Peter
