[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by SatoshiNakamoto):

 1) There's some metrics above about the % of tor nodes that abuse is
 coming from, but unless I missed it, there's no details of % of *all
 traffic* that is abuse.  Lunar made the point that we should be comparing
 these numbers to the abuse numbers for carrier-grade NAT but we should
 also compare to the baseline of a typical IP.  We should expect some kind
 of relationship like tor > carrier-nat > otherwise, but is this
 actually what we see?  Even granting the technically infeasible goal of
 stopping this abuse, it's gotta be in context.  What is p(abuse | tor) /
 p(abuse | non-tor) ?

 2) The register article is also behind cloudfare, so if you're expecting
 us to read it and get any information from it, you may be sorely
 disappointed.  I'm batting like 3 for 250+ today for loading pages through
 cloudfare.

 3) Not sure if this is the right ticket or not(there's a lot going wrong
 here for one ticket), but in my particular case until today there seems to
 be 2 situations that you can get into depending who you allow javascript
 for.

  i)  Google and website :

   palemoon (  26.0.1 ) presents user with :

       [ ] I'm not a robot reCAPTCHA
         selecting this:
         results in 100% cpu for awhile and then
         "Cannot contact reCAPTCHA. Check your connection and try again."
         100% of the time.

  ii)  Neither google *nor* website.

   palemoon presents user with:

 http://0bin.net/paste/uCUCp72l6EYqvVNA#6E+2Hi3izY37X+nQ-
 lNLzqZ5Jx9HukKLkjl/hrj3+Py
         as you can see it's all garbled to hell.  This wasn't the case
 ever before today.  Until today we could get away with disabling
 javascript, and select the particular pictures, at least on my setup.  The
 check boxes might be associated with boxes in order, but sometimes only 6
 boxes show up, and as of yet I haven't been able to solve one since they
 started looking that way, though one page just happened to load without
 the CAPTCHA page just recently(?).

 so really if you're fixing issues as they come up on your side, there are
 two broken use cases right there.

 It would be nice if there was somewhere on *cloudflare*'s side to report
 specific tor-related client issues that wasn't behind the great cloudwall.
 That would be one way for Cloudfare to work together with the tor network,
 beyond having one thread on tor's side, wouldn't it?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:142>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs