They obviously cannot discern a robot from a human over the wire, that sounds impossible to do currently.
What they can probably do is make an estimate on how likely it is that a certain request comes from a script
rather than a human being and then use that estimate to make a CAPTCHA of difficulty proportional to the likelihood.
I wish there was a good alternative to our current CAPTCHAs, but I can't think of any (refrain from commenting if
you are going to suggest something dumb that will surely not work, such as asking the user to do simple arithmetic).

I can confirm that this happens for Tor exit nodes. They serve their CAPTCHAs to third-party
websites as well, and if it so happens that you want to use a website via Tor that uses their
CAPTCHA on login, the challenges they give you simply cannot be solved. I am not exaggerating,
I have been trying for ten minutes in the past to login on a certain website via Tor and was unable
to. Finally, I found the solution at the time: you have to go to google's login page one time and then
all the CAPTCHA's start becoming readable.

large percentage[citation needed].

Also, controlling some exit nodes is not really sufficient to identify you (unless they think
it's you but they are not sure).

> The Linux man pages (documenting the Linux API)
No.

My point was that to get access to the web interface in the first place you need the wireless key. That is the thing preventing people from getting into your home network. Should they manage to get that key and infiltrate into your network, getting access to your router's web ui is almost always easy (almost no-one changes the default password or changes it to some bruteforceable one). And if one knows the network key, he can sniff the packets of everyone else as long as he catch their handshake with the AP (should work for WEP/WPA-PSK/WPA2-PSK, but not Enterprise stuff). I am pretty sure he can also perform DNS spoofing and MITM by impersonating the router and broadcasting a more powerful signal (if you know the network key, there is not much that someone else on the network can do to distinguish you from their real router). That being said, I don't see an attacker as gaining too much of an advantage by knowing your web ui password in most of the cases.

is usually prevented*

I think it is? http://tsd.dlink.com.tw/downloads2008detailgo.asp
Someone commented on another website with this link: https://gist.github.com/ccpz/6960941 which shows
the backdoor string being defined in some config.

You cannot just put people in prison for taking dumb shortcuts in programming, that's ridiculous. The purpose of
the backdoor was to be able to internally use some features supported by the web interface without reimplementing them.
They decided that the code that needs those features should just query the router's own web interface, but that required
a password, so they just added a secret user-agent to bypass it internally.

Also, you cannot realistically believe that this puts any banking transaction at risk. Those are usually protected
by SSL, not your router. And access to your home network is usually preventing by using wireless security
such as WPA2, not by having a password to your wireless' web interface. Almost no user has a non-default
non-guessable router ui password anyway.

Either you misunderstand the way Tor works or I fail to see what you are trying to say.
How do you propose police "update their tactics to include Tor"?

I am not suggesting anything, nor defending any sort of monitoring. I'm saying that figuring out
exactly what is the best way to proceed is a hard problem, and the typical slashdotter seems to trivialize
it, ignoring the fact that both sides have drawbacks. It is completely different from "banning Tor is like
banning cars omg freedom! my feelings!".
I completely understand the mentality of "we need to allow some bad to happen because the good
we get in exchange outweighs the bad", but one needs to acknowledge that this *is* a tradeoff and
complete anonymity does not come for free in a society. Exactly how much the society has to pay,
in terms of bad guys getting away and evil being done, I doubt anyone knows. But the US has many
enemies and I don't think it's easy to predict what will happen if they stop monitoring.

The analogy here is a bit stretched. Both cars and Tor are tools that can be used for good and bad,
but the former does not make it impossible for authorities to enforce the law when one is doing bad things.
Tor, on the other hand, allows pedophiles and whomever to use the tool for the bad without suffering
the consequences.
I am a crypto geek and a fan of Tor, but people just need to get their heads out of their butts already
and realize that this is a hard problem.
The tradeoff between the amount of anonymity you get and how well laws can be enforced is real and
choosing where to draw the line is nontrivial and subject to a lot of controversy. It is quite clear that NSA
and whoever else is doing these things have been crossing any reasonable line, but don't oversimplify the
issue at hand by making bloody car analogies.

There will probably be fewer repetitive jobs that a monkey can do and more jobs that require intelligence and knowledge.
This might be unfair to those who were born really ungifted. If only we had an education system able
to figure out what is an individual good at and what he enjoys doing.

Is there any reason to believe that Tor is weakened by PRISM?

tl;dr He tried it upon friends' suggestion, was bad, friends said "BRO IT WAS FAEK". This reminded him of when he also had a bad coffee someplace else.

That would be incorrect in case of HTTPS.