[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by ioerror):

 Replying to [comment:128 jgrahamc]:
 > Replying to [comment:125 ioerror]:
 > > It would be nice, if you could show us data that compares carrier
 grade NAT for a similar quantity of users, and then to back up the data
 beyond "project honeynet" offered "threat scores" for us to understand it
 in detail.
 >
 > I don't have that data because it's not something we monitor.

 You don't have other threat scores for other IP addresses? You could look
 at the country wide proxy list that Wikipedia keeps for X-Forwarded-For
 style proxies - for example. Though I'm surprised - you don't have *any*
 data on carrier grade NAT IP ranges?

 Here is a list of ip addresses of major proxies - such as say, all users
 of Opera Mini which is probably more users than Tor Browser hitting
 CloudFlare:

   https://meta.wikimedia.org/w/extensions/TrustedXFF/trusted-hosts.txt

 One can read about those proxies here:

   https://meta.wikimedia.org/wiki/XFF_project


 >
 > I only have data on Tor because there's a public list of exit nodes and
 because I wrote code to pull information on Tor (see github above) because
 the Tor community was upset at CAPTCHAs. I also don't know how large the
 Tor user base is so even if I did have the data I couldn't make the
 comparison.

 We publish a great deal of data in a privacy preserving manner:
 https://metrics.torproject.org

 Could you please make some comparisons of the abuse in question? Is
 CloudFlare really just using Project Honeynet data here?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:133>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs