[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare



#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:
                                                 |  cypherpunks
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare, TorBrowserTeamTriaged              |
Parent ID:  #18361                               |         Points:  1000
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by ϲypherpunks):

 Replying to [comment:181 cypherpunks]:
 > > :179
 2               Can you wrap it just like you did it in
 [https://codeberg.org/crimeflare/cloudflare-tor/ here]? This ticket is
 becoming way too long.

 May would be a better option. This Trac isn't for to much discussion
 related things but the issue itself either. I did not. I'm not the
 maintainer of that git. I have made no single commit. Need to look how-to.
 But found this issue as I was looking for solution as I'm some another
 victim of cloudflare punishments.



 Replying to [comment:182 cypherpunks]:
 > Yeah, I agree. Let's keep it that way. Let all users join CloudFlare.
 Fine by me. I have my own firewall anyway.

 How reliable is this? Are there full coverage with only the public self
 announcement ip ranges on their website? Thought about null routing them
 subnets. May we could use those for torrc mapaddress setting. But it would
 bypass on socks request by hostname I believe. For up blocking it's fine.

 Other idea is to patch the is_private function to feed with cloudflare
 ranges to not allow existing to them at all. Not only a browser extension.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:185>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs