Reviews for Silk - Privacy Pass Client
Silk - Privacy Pass Client by Cloudflare Research
Review by nibba111
Rated 1 out of 5
by nibba111, 2 years ago
One of those cases where I'd happily give a zero-star rating, but there is no such thing. I guess one star can be given for the intention behind. Some issues:
1. Stores passes in localStorage. Due to this they get cleaned up by automatic cleaning, always if the browser is in permanent private mode (Tor Browser). If you don't use permanent private mode, instead automatically cleaning history on exit, you can put moz-extension://ea706443-32b7-4727-b136-408bf93e5004/ in cleaning exceptions, which is very unintuitive.
My passes getting deleted was a big surprise the first time...
It was even reported in the issue tracker (https://github.com/privacypass/challenge-bypass-extension/issues/205), yet dismissed by the dev. Somehow storing that in localStorage is not a bug.
How would you like uBlock rules cleared on every launch?
2. Can't coin passes in Tor Browser.
3. Buggy if you disabled WASM.
4. No functionality for import/export. But you can do it by debugging the extension in a web inspector. I guess this is where localStorage comes in useful, but it still sucks. See https://pastebin.com/EgruhFQc for functions.
5. If you managed to import passes via your own JS in Tor Browser, or you switched to Tor in a normal one, it won't fully redeem them. In case of hCaptcha, it mistrusts you after you uselessly redeem a pass or two. In case of Cloudflare, most important sites that I use don't get highlighted by the extension. Websites like ChatGPT, some manga websites and forums, enter an endless loop with a rotating thing on a page that uses deceptive language like "checking if your connection is secure", despite obviously not checking out the connection, but me. I haven't yet encountered a cloudflared website I use a lot which supports this.
5.1. No visual indicators that it mistrusts you despite eating a pass. No indicators if it works generally beyond using devtools. No status messages.
6. Only 5 hCaptcha passes for one completion.
7. Given that Privacy Pass as a standard will combat pass hoarding by associating passes with metadata (see the latter part of https://blog.cloudflare.com/privacy-pass-v3/), it's not very obvious why not just ditch tokens entirely and use registration with captchas (a la hCaptcha accessibility) to begin with. It's inevitable that you get rid of anonymity and stuff like that in order to not be frustrated with workarounds like this one. By registering with a captcha provider you might not need to redeem anything anymore, you can build trust in each internet-using biological platform on an individual basis.