Redesigning CAPTCHA Monitor's Data Visualization Tools
Problem
- The graphs currently displayed at the dashboard are somewhat misleading and difficult to understand
- The graphing algorithm does not distinguish between exit relays that see CAPTCHA once or fifty times and considers all of them equal
- The graphing algorithm does not consider exit relay's size, but larger exit relays receiving CAPTCHA has a larger effect on the network
- The scale in the graphs are also misleading in some cases
- There are no clear explanations about what each graph aims to achieve
- There is also no way for curious people to reproduce the graphs or understand the process for producing the graphs
Solution
Redesigning the graphs by addressing the problems from the first version and improving with feedback. Thus, this document aims to describe how to produce the v2 graphs that will be available on the CAPTCHA Monitor's dashboard. Graphs are divided into five main groups based on the graphs' function and purpose.
The document looks long, but there are a lot of repeating explanations across the graphs. If you have any suggestions/feedback, please mention it under ticket #41 of this repository.
Table of contents
- Default graph style
- Graphs for understanding the overall network status (by CDN)
- Graphs for understanding CAPTCHA rates related to website decisions
- Graphs for understanding CAPTCHA rates related to user decisions
- Graphs for understanding the Cloudflare firewall
- Graphs about individual exit relays
- Further Suggestions
Default graph style
The following graph style will be used for all graphs unless otherwise specified:
- Type
- Line chart
- Axes
- X-axis: The dates of the last 30 days. While reading the descriptions, you
will see that the
valid-after
timestamp of the consensuses are told to be used in the X-axis. Thesevalid-after
timestamps will be used to place the data to the correct position in the graphs but their values will not be used as axis labels. This decision was made to decrease the clutteredness of the graph labels. - Y-axis: The percentage values from 0% to 100%, uses a linear scale
- X-axis: The dates of the last 30 days. While reading the descriptions, you
will see that the
- Sample Graph (Number of data points is reduced for simplicity)
Graphs for understanding the overall network status (by CDN)
Probability of a Tor client receiving CAPTCHA
Purpose
Understanding the probability of a Tor client choosing an exit relay in the normal weighted way receiving a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Repeat the following for each running exit relay entry within the consensus:
- Count the total number of measurements that were completed using this exit relay
- Count the total number of measurements that were completed using this
exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.5.2}{Step 2.5.1} \times 100
(Assume0%
if an exit relay exists in the consensus but there are no corresponding measurements)
- Calculate the weighted average of the percentage values (obtained in Step 2.5.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Map and memorize the consensus's
valid-after
timestamp to the weighted average of the percentages
- Parse and memorize the
- Plot the weighted percentage values for each consensus in the Y-axis and
the
valid-after
timestamps in the X-axis
Related questions
- (12) What is the chance of a Tor client getting affected by Cloudflare's blocking practices when choosing a Tor exit node? [ticket:33010]
- (17) Is whether you get a CAPTCHA much more probabilistic and transient? [ticket:33010]
- (18) The chance that a Tor client, choosing an exit relay in the normal weighted faction, will get hit by a CAPTCHA [ticket:33010]
Weighted CAPTCHA rate by IP version
Purpose
Understanding the effect of connecting to web servers (and consequently exit relays) that support IPv4 vs IPv6 on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Obtain the "details document" from Onionoo and match the Onionoo data with the relay entries from consensus using the relay fingerprints. The following query is recommended for obtaining the "details document": https://onionoo.torproject.org/details?type=relay&flag=Exit&fields=exit_addresses,fingerprint,exit_policy_v6_summary
- Distribute the exit relay entries from the consensus into 2 bins based on
whether they support IPv6 exiting or not. This should be decided based on
the
exit_policy_v6_summary
field obtained from the "details document" - Repeat the following for each bin:
- Repeat the following for each exit relay in the bin:
- Count the total number of measurements that were completed using this exit relay
- Count the total number of measurements that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.7.1.2}{Step 2.7.1.1} \times 100
(Assume0%
if an exit relay exists in the consensus but there are no corresponding measurements)
- Calculate the weighted average of the percentage values (obtained in Step 2.7.1.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Repeat the following for each exit relay in the bin:
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
- (1) Does Cloudflare treat IPv4 and IPv6 addresses differently? [ticket:33010#comment:2]
- (9) How do specific exit nodes get affected by Cloudflare's blocking practices?
Weighted CAPTCHA rate by exit probability
Purpose
Understanding the effect of using smaller or larger exit relays on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Distribute the exit relay entries from the consensus into 10 bins (each bin containing probability values between n and n+0.1) based on their exit probabilities (calculated in Step 2.3)
- Repeat the following for each bin:
- Repeat the following for each exit relay in the bin:
- Count the total number of measurements that were completed using this exit relay
- Count the total number of measurements that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.6.1.2}{Step 2.6.1.1} \times 100
(Assume0%
if an exit relay exists in the consensus but there are no corresponding measurements)
- Calculate the weighted average of the percentage values (obtained in Step 2.6.1.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Repeat the following for each exit relay in the bin:
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
- (9) How do specific exit nodes get affected by Cloudflare's blocking practices?
- (11) What fraction of the Tor exit nodes get affected by Cloudflare's blocking practices? [ticket:33010], [ticket:23840#comment:22]
Weighted CAPTCHA rate by exit relay age
Purpose
Understanding the effect of using older or younger exit relays
(based on first_seen
date) on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Obtain the "details document" from Onionoo and match the Onionoo data with the relay entries from consensus using the relay fingerprints. The following query is recommended for obtaining the "details document": https://onionoo.torproject.org/details?type=relay&flag=Exit&fields=exit_addresses,fingerprint,first_seen
- Calculate the age of the exit relays in days using the
first_seen
field of the "details document" andvalid-after
timestamp of the consensusexit_age = ceil_days(valid-after - first_seen)
- Distribute the exit relay entries from the consensus into
(max(exit_age) - min(exit_age)) / 365
bins based on their ages (calculated in Step 2.6) - Repeat the following for each bin:
- Repeat the following for each exit relay in the bin:
- Count the total number of measurements that were completed using this exit relay
- Count the total number of measurements that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.8.1.2}{Step 2.8.1.1} \times 100
(Assume0%
if an exit relay exists in the consensus but there are no corresponding measurements)
- Calculate the weighted average of the percentage values (obtained in Step 2.8.1.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Repeat the following for each exit relay in the bin:
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
- (9) How do specific exit nodes get affected by Cloudflare's blocking practices?
Weighted CAPTCHA rate by exit relay location
Purpose
Understanding the effect of the physical location of the exit relay's location on the probability of seeing a CAPTCHA. This graph will show top 10 countries with highest CAPTCHA rates.
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Obtain the "details document" from Onionoo and match the Onionoo data with the relay entries from consensus using the relay fingerprints. The following query is recommended for obtaining the "details document": https://onionoo.torproject.org/details?type=relay&flag=Exit&fields=exit_addresses,fingerprint,country_name
- Distribute the exit relay entries from the consensus into bins based on
their
country_name
value (obtained in Step 2.5) - Repeat the following for each bin:
- Repeat the following for each exit relay in the bin:
- Count the total number of measurements that were completed using this exit relay
- Count the total number of measurements that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.7.1.2}{Step 2.7.1.1} \times 100
(Assume0%
if an exit relay exists in the consensus but there are no corresponding measurements)
- Calculate the weighted average of the percentage values (obtained in Step 2.7.1.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Repeat the following for each exit relay in the bin:
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs with top 10 highest percentage values and discard the rest (or keep if you want to have them as well)
Related questions
- (9) How do specific exit nodes get affected by Cloudflare's blocking practices?
CAPTCHA rate by traffic origin (Tor traffic vs Non-Tor traffic)
Purpose
Understanding how Cloudflare treats to Tor traffic vs. non-Tor traffic (this one is stating the obvious but still good to have data to back up the obvious)
Steps to produce
- Determine a date range and granularity to plot. Here, we will plot last 30 days with a granularity of 1 hour.
- Use CAPTCHA Monitor API to get measurements that were completed during the chosen date range
- Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements and URL list using the
URL
fields. Typically each URL maps to multiple measurements. - Discard the measurements that do not have
cloudflare
in theircdn_provider
field - Iterate over the chosen date range with the chosen time intervals. Repeat
the following for each iteration:
- Distribute the measurements that were completed within the interval of
this iteration into 2 bins based on
method
field's value. Put the methods without "tor" (ex. "firefox") into theNon-Tor Traffic
bin and the rest (ex. "firefox_over_tor") into theTor Traffic
bin. - Repeat the following for each bin:
- Count the total number of measurements in this bin
- Count the total number of measurements in this bin that have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 5.2.2}{Step 5.2.1} \times 100
(Leave this bin's value empty if there are no corresponding measurements)
- Plot the percentage values for each bin in the Y-axis and the beginning time of this interval in the X-axis
- Distribute the measurements that were completed within the interval of
this iteration into 2 bins based on
- Merge the graphs created for each iteration
Graphs for understanding CAPTCHA rates related to website decisions
Weighted CAPTCHA rate by connection security
Purpose
Understanding the effect of using TLS and not using TLS on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements, URL list, and relay data using the relay fingerprints and URLs. Typically each relay and URL map to multiple measurements.
- Distribute the joined data into 2 bins based on whether the
is_https
field of each entry is1
or0
- Repeat the following for each bin:
- Further bin the measurements into sub-bins based on the exit relay used to perform the measurement
- Repeat the following for each exit relay in each sub-bin:
- Count the total number of measurements in this sub-bin that were completed using this exit relay
- Count the total number of measurements in this sub-bin that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.8.2.2}{Step 2.8.2.1} \times 100
- Calculate the weighted average of the percentage values (obtained in Step 2.8.2.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
-
(14) Is there a difference if the origin server has
an SSL certificate or not?
- (14.1) Does the blocking change if the SSL certificate is issued by Cloudflare or by another entity?
Weighted CAPTCHA rate by HTTP request quantity
Purpose
Understanding the effect of connecting to websites that require single or multiple HTTP requests to load on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements, URL list, and relay data using the relay fingerprints and URLs. Typically each relay and URL map to multiple measurements.
- Distribute the joined data into 2 bins based on whether the
requires_multiple_reqs
field of each entry is1
or0
- Repeat the following for each bin:
- Further bin the measurements into sub-bins based on the exit relay used to perform the measurement
- Repeat the following for each exit relay in each sub-bin:
- Count the total number of measurements in this sub-bin that were completed using this exit relay
- Count the total number of measurements in this sub-bin that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.8.2.2}{Step 2.8.2.1} \times 100
- Calculate the weighted average of the percentage values (obtained in Step 2.8.2.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
-
(13) Is there a difference between websites that load
resources from third-party resources and websites that contain all resources on
the origin server? [ticket:33010#comment:6]
- (13.1) How do users of websites get affected if the main website is not fronted by Cloudflare, but some of the resources are fetched from a Cloudflare fronted web server? [ticket:33010#comment:6], [ticket:15450]
Weighted CAPTCHA rate by CDN provider
Purpose
Understanding the effect of connecting to websites that use CDN providers such as Cloudflare, Akamai, Amazon Cloudfront, etc. on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements, URL list, and relay data using the relay fingerprints and URLs. Typically each relay and URL map to multiple measurements.
- Distribute the joined data into bins based on
cdn_provider
field's value - Repeat the following for each bin:
- Further bin the measurements into sub-bins based on the exit relay used to perform the measurement
- Repeat the following for each exit relay in each sub-bin:
- Count the total number of measurements in this sub-bin that were completed using this exit relay
- Count the total number of measurements in this sub-bin that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.8.2.2}{Step 2.8.2.1} \times 100
- Calculate the weighted average of the percentage values (obtained in Step 2.8.2.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Plot the weighted percentage values for each bin in the Y-axis and
the
valid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Graphs for understanding CAPTCHA rates related to user decisions
Weighted CAPTCHA rate by method
Purpose
Understanding the effect of using different methods (for example using web browsers like Tor Browser, Firefox over Tor, Brave's Tor Tabs, etc.) on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor and between the
valid-after
&fresh-until
timestamps of the consensus - Join the measurements and relay data using the relay fingerprints. Typically each relay maps to multiple measurements.
- Distribute the joined data into bins based on
method
field's value - Repeat the following for each bin:
- Further bin the measurements into sub-bins based on the exit relay used to perform the measurement
- Repeat the following for each exit relay in each sub-bin:
- Count the total number of measurements in this sub-bin that were completed using this exit relay
- Count the total number of measurements in this sub-bin that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.7.2.2}{Step 2.7.2.1} \times 100
- Calculate the weighted average of the percentage values (obtained in Step 2.7.2.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Plot the weighted percentage values for each
method
bin in the Y-axis and thevalid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
- (2) How does the HTTP request headers affect Cloudflare's decision-making mechanism? [ticket:33010#comment:4]
-
(3) How do different browsers with different
User Agents get affected? [ticket:33010#comment:2], [ticket:32924], [ticket:31404]
- (3.1) Is there a difference between using a web browser or fetching web pages via cURL or other HTTP libraries?
- (7) How does the time of the day affect the Cloudflare's blocking mechanism? Does it matter the day of the week or the time of the day? [ticket:33010#comment:15]
- (15) If browsers that should not face CAPTCHA face CAPTCHA, why does this happen?
- (16) How do the observed patterns in the results change over time? [ticket:33010]
Weighted CAPTCHA rate by Tor Browser version
Purpose
Understanding the effect of using different Tor Browser versions on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor Browser (
method
field is equal totor_browser
) and between thevalid-after
&fresh-until
timestamps of the consensus - Join the measurements and relay data using the relay fingerprints. Typically each relay maps to multiple measurements.
- Distribute the joined data into bins based on
browser_version
field's value - Repeat the following for each bin:
- Further bin the measurements into sub-bins based on the exit relay used to perform the measurement
- Repeat the following for each exit relay in each sub-bin:
- Count the total number of measurements in this sub-bin that were completed using this exit relay
- Count the total number of measurements in this sub-bin that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.7.2.2}{Step 2.7.2.1} \times 100
- Calculate the weighted average of the percentage values (obtained in Step 2.7.2.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Plot the weighted percentage values for each
method
bin in the Y-axis and thevalid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
- (3.2) What about different versions of the Tor Browser? Does Cloudflare behave differently to different versions of the same browser?
Weighted CAPTCHA rate by Tor Browser security level
Purpose
Understanding the effect of using Tor Browser at different security levels (Standard, Safer, Safest) on the probability of seeing a CAPTCHA
Steps to produce
- Get consensuses from CollecTor
- Repeat the following for each consensus:
- Parse and memorize the
valid-after
&fresh-until
timestamps from the consensus header andbandwidth-weights
values from the footer - Repeat the following for each running exit relay entry within the consensus:
- Parse the
r
line and memorize the IPv4 address and identity - Parse the
w
line and memorize the bandwidth - Parse the
s
line and memorize the relay flags
- Parse the
- Calculate the weighted exit probabilities using the
bandwidth-weights
from the consensus,bandwidth
values, andflags
for each exit relay (see an example calculation here) - Use CAPTCHA Monitor API to get measurements that were completed
using Tor Browser (
method
field is equal totor_browser
) and between thevalid-after
&fresh-until
timestamps of the consensus - Join the measurements and relay data using the relay fingerprints. Typically each relay maps to multiple measurements.
- Distribute the joined data into 3 bins based on
tbb_security_level
field's value - Repeat the following for each bin:
- Further bin the measurements into sub-bins based on the exit relay used to perform the measurement
- Repeat the following for each exit relay in each sub-bin:
- Count the total number of measurements in this sub-bin that were completed using this exit relay
- Count the total number of measurements in this sub-bin that were
completed using this exit relay and have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 2.7.2.2}{Step 2.7.2.1} \times 100
- Calculate the weighted average of the percentage values (obtained in Step 2.7.2.3) using exit probabilities (obtained in Step 2.3) as the scaling factor
- Plot the weighted percentage values for each
method
bin in the Y-axis and thevalid-after
timestamp of the consensus in the X-axis
- Parse and memorize the
- Merge the graphs created for each consensus
Related questions
- (3.3) What about the different security levels of Tor Browser?
Graphs for understanding the Cloudflare firewall
CAPTCHA rate by Cloudflare security level/firewall settings
Purpose
Understanding the effect of different Cloudflare security levels and firewall configurations on the probability of seeing a CAPTCHA.
We have a few different domains to test different configurations. Here they are:
- captcha.wtf
- IPv4 only domain, no additional Cloudflare firewall rules
- yearlight.buzz
- IPv4 only domain, Cloudflare firewall is set to present "JS Challenge" for traffic originating from the Tor network
- bottomlesspit.xyz
- IPv4 only domain, Cloudflare firewall is set to present "CAPTCHA Challenge" for traffic originating from the Tor network
- broccolipizza.monster
- IPv4 only domain, Cloudflare firewall is set to block all traffic originating from the Tor network
- exit11.online
- IPv6 only domain, no additional Cloudflare firewall rules
- icanhazcaptcha.xyz
- IPv6 only domain, Cloudflare firewall is set to present "CAPTCHA Challenge" for traffic originating from the Tor network
Steps to produce
- Determine a date range and granularity to plot. Here, we will plot last 30 days with a granularity of 1 hour.
- Use CAPTCHA Monitor API to get measurements that were completed using only domains specified above and during the chosen date range
- Iterate over the chosen date range with the chosen time intervals. Repeat
the following for each iteration:
- Distribute the measurements that were completed within the interval of
this iteration into bins based on
url
field's value - Repeat the following for each bin:
- Count the total number of measurements in this bin
- Count the total number of measurements in this bin that have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 5.2.2}{Step 5.2.1} \times 100
(Leave this bin's value empty if there are no corresponding measurements)
- Plot the percentage values for each bin in the Y-axis and the beginning time of this interval in the X-axis
- Distribute the measurements that were completed within the interval of
this iteration into bins based on
- Merge the graphs created for each iteration
Related questions
-
(6) How do different security levels of Cloudflare
affect the blocking mechanism? [ticket:33010#comment:5]
- (6.1) Do some of the Cloudflare security levels block users immediately without presenting a CAPTCHA challenge at all?
Code injection rate
Purpose
Cloudflare sometimes injects third-party code to the websites without letting the users know. This graph aims to visualize the percentage of measurements were affected by third-party code injection over time.
Steps to produce
- Determine a date range and granularity to plot. Here, we will plot last 30 days with a granularity of 1 hour.
- Use CAPTCHA Monitor API to get measurements that were during between the chosen date range
- Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements and URL list using the
URL
fields. Typically each URL maps to multiple measurements. - Discard the measurements that do not have
cloudflare
in theircdn_provider
field - Iterate over the chosen date range with the chosen time intervals. Repeat
the following for each iteration:
- Distribute the measurements that were completed within the
interval of this iteration into 2 bins based on
is_data_modified
field's value. Skip the measurements that do not haveis_data_modified
field. - Repeat the following for each bin:
- Count the total number of measurements in this bin
- Count the total number of measurements in this bin that have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 5.2.2}{Step 5.2.1} \times 100
(Leave this bin's value empty if there are no corresponding measurements)
- Plot the percentage values for each bin in the Y-axis and the beginning time of this interval in the X-axis
- Distribute the measurements that were completed within the
interval of this iteration into 2 bins based on
- Merge the graphs created for each iteration
Graphs about individual exit relays
Overall CAPTCHA rate
Purpose
Seeing the overall CAPTCHA rate for a specific exit relay
Steps to produce
- Determine a date range and granularity to plot. Here, we will plot last 30 days with a granularity of 1 hour.
- Use CAPTCHA Monitor API to get measurements that were completed using the target exit relay and between the chosen date range
- Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements and URL list using the
URL
fields. Typically each URL maps to multiple measurements. - Iterate over the chosen date range with the chosen time intervals. Repeat
the following for each iteration:
- Count the total number of measurements completed within this interval
- Count the total number of measurements completed within this interval
that have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 4.2.2}{Step 4.2.1} \times 100
(Leave this interval's value empty if there are no corresponding measurements)
- Plot the percentage values for each iteration in the Y-axis and the beginning time for each iteration in the X-axis
CAPTCHA rate by CDN provider
Purpose
Understanding how different CDN providers such as Cloudflare, Akamai, Amazon Cloudfront, etc. behave requests coming from a specific exit relay
Steps to produce
- Determine a date range and granularity to plot. Here, we will plot last 30 days with a granularity of 1 hour.
- Use CAPTCHA Monitor API to get measurements that were completed using the target exit relay and between the chosen date range
- Use CAPTCHA Monitor API to get the list of URLs that are used in the experiments. This list contains the metadata about the URLs.
- Join the measurements and URL list using the
URL
fields. Typically each URL maps to multiple measurements. - Iterate over the chosen date range with the chosen time intervals. Repeat
the following for each iteration:
- Distribute the measurements that were completed within the
interval of this iteration into bins based on
cdn_provider
field's value - Repeat the following for each bin:
- Count the total number of measurements in this bin
- Count the total number of measurements in this bin that have
is_captcha_found
field set to1
- Calculate the percentage of measurements that received CAPTCHA using
\frac{Step 4.2.2}{Step 4.2.1} \times 100
(Leave this bin's value empty if there are no corresponding measurements)
- Plot the percentage values for each bin in the Y-axis and the beginning time of this interval in the X-axis
- Distribute the measurements that were completed within the
interval of this iteration into bins based on
- Merge the graphs created for each iteration
Further Suggestions
- Graphs about understanding:
- how different ISPs get affected
- how different relay families get affected
- how relays running on different platforms/operating systems get affected
- how relays running different Tor versions get affected