[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Subject: Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 01 Mar 2016 11:35:41 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Mar 2016 06:35:50 -0500
In-reply-to: <047.b589d1c80a79d4dcd3294111da9cdbd1@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.b589d1c80a79d4dcd3294111da9cdbd1@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by jgrahamc):

 Replying to [comment:184 cypherpunks]:
 > Replying to [comment:182 jgrahamc]:
 > > I'm not sure how you come up with the 5% number but I think you
 underestimate how complicated deciding what R/O is in the web. Plenty of
 attacks come through GET requests. Doing the R/O mode seems like a nasty
 hack.
 >
 > To me R/O would be delivering the cache that you have. The request would
 never see the actual website. This would also discourage adversaries that
 repeatedly pull websites to have an automated advantage at idk ticket
 sales as the cache does not have to be the most recent.

 There are a lot of assumptions here. For example, this assumes that we
 have all the pages in cache and all the assets. It assumes that web pages
 can be displayed without any POSTs happening (so nothing dynamic at all).

 In addition it ignores what happens if a Tor user comes to CloudFlare and
 we don't have the item in cache, or the item is outdated.

 This idea just kicks the ball down the line. The right solution is to
 allow Tor users who are not behaving in a malicious manner 'normal' access
 to the web.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:185>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #18453 [Tor Sysadmin Team]: Please add dgoulet to the metrics group
Next by Author: Re: [tor-bugs] #8633 [Tor Browser]: Link text overlaps with normal text making some websites unreadable
Previous by thread: Re: [tor-bugs] #18453 [Tor Sysadmin Team]: Please add dgoulet to the metrics group
Next by thread: Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Index(es):
- Author
- Thread