[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by massar):

 Replying to [comment:56 ioerror]:
 > Replying to [comment:54 massar]:
 > > Silly-side-track idea I am throwing out there:
 > >
 > > Why does CloudFlare not run a .onion proxy for their sites?
 > >
 >
 > Tor is an onion proxy? :-)

 :)

 I used that wording though to indicate that in the browser URL bar it will
 still say https://www.HostedByCDN.com (and thus HTTPS certificates keep on
 working) while TBB actually just redirects those through the indicated
 SOCKS proxy (ala what FoxyProxy does for Chrome).

 If CF and other CDNs would implement something like that suddenly a lot of
 content would automatically start existing on the Tor network, which does
 not have any surveillance issues when going through an exit. (of course
 what the CDN network and then the final recipient do is still all voodoo,
 but it is better than going through an exit you can't fully trust;
 ignoring TLS there for a bit).

 > It could be that the captcha page, upon detecting Tor, could redirect to
 a CF controlled .onion that has a read only version of the website, for
 example.

 IMHO forcing a 30{123} redirect is far from a good solution, that should
 be a browser and thus a user choice.

 Maybe the user is mis-detected as being a Tor user (though exit lists are
 pretty much 'correct') or they do not want that mode of operation to reach
 the site. Also, why bother redirecting a Bot there, if a Bot was properly
 written it reads the meta tag and uses that (I mean, if you specifically
 program your bot to crawl over Tor then you can use the meta tag too).

 Also, if that meta line is included everywhere, an aware browser could
 suggest to the user "hey, you can use Tor for this site" which is also a
 win...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:57>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs