Tor development, IIRC, was originally funded by the US Navy, and received additional funding from the State Department. It was useful for dissidents living under repressive governments. You can probably fact-check me at on About Tor, with no additional penalty, because NSA are likely to be targeting most likely readers of this blog.. Systems or network admin? Check. Encrypted mail user? Check. Ad nauseum.
Is startpage.com on the side of light?
Startpage.com bills themselves as "the world's most private search engine", and are the default search engine of Tor. But if you use Tor, you will be periodically presented with a CAPTCHA. On the page, you will see the following text.
As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.But I have never seen this using Firefox, upon which Tor is based.
The StartPage Team
What about that symbol of rebellion and hackerdom, BlackHat?
I am not a fan, for reasons that seem good to me. But no security worker can ignore the storied history of this conference. For those with short memories, BlackHat 2009 was when Moxie Marlinspike, Dan Kaminski and Mike Zusman, in separate presentations managed to collectively beat SSL/TLS to death.
Yet Tor users will see something that is probably a bit familiar.
One more step
Please complete the security check to access www.blackhat.com
The Worst Thing is Teh Stoopid.
CAPTCHA is far past any sort of relevance. Mechanical Turk CAPTCHA-solving was available years ago. Neither faster timeouts nor more obfuscated puzzles have fixed the problem. At this point, I can only characterize them as both increasingly annoying, and increasingly useless.
Google, whatever you may think of them from a privacy standpoint, recognizes this, and has introduced RECAPTCHA.Though this entire approach is fundamentally flawed, this is at least temporary and partial fix. Now, if only sites that choose to market themselves as either secure Internet tools, or security-focused, would just suck a bit less, I am sure we all appreciate it very much.