challenge-bypass-extension
challenge-bypass-extension copied to clipboard
privacypass
Browser becomes unresponsive while generating passes
Browser: Tor Browser 8.0.5 (based on Mozilla Firefox 60.5.0esr) (64-bit) macOS
- Install extension
- Visit https://captcha.website/
- Suffer through the reCAPTCHA
Actual: The browser becomes unresponsive for over a minute. I can’t change tab or interact with it. macOS shows it’s spinning beach-ball of death cursor animation. The process takes so much time that by the time the browser becomes usable again, that reCAPTCHA complains that the token has expired. At the end I’ve generated 30 new tokens, though.
Expected: The browser to remain intractable.
Does this happen every time you try to get tokens? Does it only happen for you on the Tor browser also, or across different browsers (e.g. actual Firefox)?
This happens every time I get tokens with Tor Browser 8.0.5 (based on Mozilla Firefox 60.5.0esr) (64-bit) on macOS, Windows 10, and Fedora Linux.
As for testing in regular Firefox: I can’t. The “Get More Passes” button just loads the project website.
Thanks for the info. Have you installed Privacy Pass from the Firefox store? Or have you installed it from source?
I've just downloaded and tried this and I don't seem to be able to reproduce the same issue, do you have any other extensions installed?
After some digging I found the missing step:
- Click the Tor option button (Onion icon): Security Settings
- Switch the security slider to Safer (middle option)
- Visit https://captcha.website/
- Suffer through the reCAPTCHA
The documentation for this option says:
all JavaScript performance optimizations are disabled
I'd still say it's unexpected that the browser will become unresponsive, however. Can the work be shifted to a service worker to run off the main thread?
Thanks for the update, it's good to be aware of such performance issues. It's possible that we could do this, but it's probably not something that we're going to get around to immediately. We are open to external contributions so I'll leave this issue up to track it going forward.
Maybe a setInterval to update a message "still generating (## seconds)..." (like gmail) so anything longer than 2 seconds shows what's happening. Useful independently of extracting into a service worker.
Finally I've been able to get this to generate passes. Also on a new MBP the 30 passes take quite some time. How about, at least during testing, we decrease from 30 to 10? Or make an option. Also, if it is possible to manually trigger getting passes somehow, then the default could be to add a very small amount, and when you trigger it manually you could only then have the extension build a bigger amount of tokens.
Would doing all the crypto stuff in wasm reduce the problem? Even an unoptimized wasm should be more efficient than doing it in unoptimized js. Does the tor browser (with enabled JS, but disabled JS optimizations) support wasm?
https://bugzilla.mozilla.org/show_bug.cgi?id=1576254#c23
this seem to enable wasm optimizations for "trusted context", not sure if it also enables js optimizations.
at least it is enabling wasm for plugins, while it's disabled for websites.
The extension and the protocol have changed quite a lot since this ticket has been opened. As we are working to upgrade the extension to support the latest IETF draft, we are centralising updates in https://github.com/privacypass/challenge-bypass-extension/issues/400. I'm closing this ticket as duplicate.
