challenge-bypass-extension
| session-lock | challenge-bypass-extension | |
|---|---|---|
| 1 | 36 | |
| 13 | 1,242 | |
| - | 0.6% | |
| 3.7 | 5.0 | |
| about 1 month ago | about 2 months ago | |
| JavaScript | JavaScript | |
| MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
session-lock
-
Show HN: Device-Bound Session Tokens in JavaScript
Glad to hear it. I feel the library could be improved, and if your server runs on something other than Node.js, you'll have to put together some straightforward crypto code, so feel free to file an issue on the repo[1] if you have any questions or requests. The point of it is not at all to compete with Google, but it could serve as a reasonable stopgap that's easy to implement (no new endpoints, no roundtrips) and should protect against all of today's cookie stealers, which would have to become a lot more sophisticated to beat it. I created a discussion on DBSC's spec repo yesterday that has a more direct comparison vs. Google's proposal[2] that you can check out.
[1]https://github.com/zainazeem/session-lock
challenge-bypass-extension
-
Flagship Mastodon instance to require AI disclosure; bans AI-only accounts
I'd be fine if "ID for the web" was implemented with privacypass https://privacypass.github.io/
-
Cloudflare verification not working
https://privacypass.github.io/ should help with Cloudflare verification. Works on Chrome and FireFox.
-
Blocked by Cloudflare
Cloudflare's Privacy Pass may help here: https://privacypass.github.io/
It should significantly reduce the amount of CAPTCHAs you see in a way that's not terrible for privacy.
For Safari, you can enable Private Access Tokens: https://blog.cloudflare.com/how-to-enable-private-access-tok...
Both of these mechanisms are similar to Google's web DRM proposal in that they rely on external issuers to generate tokens, but unlike Google's attempt they don't guarantee that ad blockers are disabled on pages that try to use tokens.
- Privacy Pass: A privacy-enhancing protocol and browser extension
-
Apple already shipped attestation on the web, and we barely noticed
The author is referring to this standard: https://privacypass.github.io/
Apple uses it for its iCloud Private Relay service. The blind token is used so that Cloudflare can verify that a given device pays for iCloud Private Relay without revealing their identity.
Attestation is when such a blind token is proving the integrity of the software running on the device, not proving arbitrary properties. Privacy Pass could actually enable a fast, semi-decentralized system of anonymizing proxies.
If Apple exposed the “is System Integrity Protection enabled” bit to the web, then that amounts to attestation to me, and yes: Apple can do it whenever it wants, and people want Apple to do it.
- A privacy-enhancing protocol and browser extension
-
Tell HN: Cloudflare verification is breaking the internet
Use Privacy Pass then if you don't want to use Chrome. https://privacypass.github.io/
-
How do you guys deal with all the captchas?
Most hCaptcha and many Cloudflare -> https://privacypass.github.io/
-
Cloudflare traps me in a captcha loop if I'm running any sort of fingerprint protection?.(Firefox)
That's weird, I haven't used it recently but will take a look. Looks like you're not the only one having issues though: https://github.com/privacypass/challenge-bypass-extension/issues/389
-
Is it possible to solve CAPTCHAs at the network level akin to the way Pi-hole filters ads at the network level?
This wouldn't be at the network level, but there is this amazing extension at the browser level: https://privacypass.github.io/
What are some alternatives?
friendly-challenge - The widget and docs for the proof of work challenge used in Friendly Captcha. Protect your websites and online services from spam and abuse with Friendly Captcha, a privacy-first anti-bot solution.
curl-impersonate - curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
buster - Captcha solver extension for humans, available for Chrome, Edge and Firefox
adblock-rust - Brave's Rust-based adblock engine
basic-attention-token-crowdsale - Basic Attention Token
mullvadvpn-app - The Mullvad VPN client app for desktop and mobile
turtledove - TURTLEDOVE
SendWhatsppTextByJavaScript - Here is small JS Script for sending a message in a loop.
challenge-bypass-specification - WARNING: Deprecated! See Privacy Pass
svg-captcha - generate svg captcha in node
did-core - W3C Decentralized Identifier Specification v1.0
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>