John Graham-Cumming:
We already started that filtering approach. It's live for millions of web sites (although not all sites using Cloudflare) and has been for some time. It has resulted in a large drop in the use of CAPTCHA.
This is great news! Thank you!
I was waiting to report to this group the results as I wanted to let it run for a while so we can see how well the abuse filtering works. But it's just fine that you mention is now.
I'm very interested in the problem of filtering abusive Tor traffic because the Tor system is unique in its approach to privacy making it a challenge to filter well. This is an interesting engineering problem and has great benefits for us as being good at filtering abusive traffic from Tor makes us better at filtering abuse from the wider internet.
That is good to hear, also.
I do still notice CAPTCHAs for bare requests to the top-level domains of paid sites. Is there a plan to roll this out for all CloudFlare sites at some point for Tor traffic?
Also, I will see what we can do on our side about reviewing the spec and the browser extension, taking Georg and Jeff's comments into consideration. Is there a timeline for when that system will be ready on your side?