As a Tor user, there was a time when Cloudflare's captchas reduced drastically. And as long as you're using the Tor Browser, there's a great chance that you'll rarely see Cloudflare's captchas.
I saw a website recently that I couldn't load. Neither multiple different exit nodes through tor browser nor clean residential IP though chrome on linux worked and cloudflare's captcha was impossibly difficult to solve, I gave up after multiple attempts. Thankfully nice people here reposted the content into a comment.
Cloudflare still has a long way to go in terms of being nice to humans.
Indeed. If I recall correctly, it was when there was a 200+ comment thread with the top comment being about abusing Tor users WRT Cloudflare. I believe the CEO showed up, and then later ran an internal test on engineers forcing all of them to run through Tor.
For a short while, it was significantly better. It probably lasted for 3-5 weeks, and then things fairly quickly progressed back to their usual, namely being captcha hell.
(Request first page, do captcha, click on next link, do another captcha, go back to first page, do captcha... wash rinse repeat.)
Are you sure that you're using the Tor Browser? If you're shoving up your browser's traffic through Tor and its header is different from the Tor Browser you'll in most cases end up with a captcha.
Edit: Also the event you described happened much earlier than when the drop of Cloudflare captchas happened, which was around if I remember correctly when Google announced "invisible captchas".
> The problem is that Cloudflare blocks Tor, not Tor Browser: not every Tor user uses Tor Browser.
Except the advice is, even when it does block Tor Browser, as they say it doesnt, the answer is to use Caching services.
The problem here is, it's now taboo to call these issues out. My posts' scores are -3, -1, and 1... I highlight this because it hid my main post. And alas, "-1" is used to silence legit grievances.
> So how is that a solution? The problem is that Cloudflare blocks Tor, not Tor Browser: not every Tor user uses Tor Browser.
Well then they did a favor to you and you should thank them, if you're using Tor without the Tor Browser chances are big that you're screwed by your fingerprint and lack of first party isolation and stream isolation, see the 2nd last paragraph here for example https://news.ycombinator.com/item?id=14583699
The Tor bundle is necessarily less secure than something like Qubes. Tor and the browser should be separate. Advanced users are capable of evading fingerprinting in exactly the same way.
Hmm.. Then a slightly different question: Do you handle OBS4 transits differently then? I have a few places that I go that actively block Tor - OBS4 and Scramblesuit both traverse these blocks.
Because of that, I primarily run those transits, and I tend to get captcha hell still. I'd be willing to debug on my end.
I think you're misunderstanding things, Cloudflare has no way to know which pluggable transport (such as obfs4 and the retired scramblesuit) you use to access the Tor network. They're only interested in exit traffic.
Cloudflare still has a long way to go in terms of being nice to humans.