[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by ioerror):

 Replying to [comment:30 jgrahamc]:
 > Ultimately, I think we want the same thing: reduce abuse coming through
 Tor. Coming up with a good technical solution is hard, but worth working
 on. You may think that CloudFlare doesn't care about this problem, but in
 fact it's something that's occupying time (and therefore money) as we look
 for solutions.

 Offering a read only version of these websites would be a very good
 mitigation that could be done effectively instantly - by enabling the
 above mentioned "Always Online" CDN option - where a CAPTCHA would be
 added. For any POST action, a javascript hook could be added to then
 prompt to solve a CAPTCHA as discussed above.

 >  A related approach might be for us to say "Let's whitelist all the Tor
 exit nodes". Play that forward a bit and you could see that any abuser
 worth their salt would migrate to Tor increasing the abuse problem through
 Tor.

 That would be a fine approach - it is true that this could be a problem
 but this would absolutely solve the "defaults" problem we see today.

 > Despite what's been said in this ticket there have been contacts between
 CloudFlare and Tor developers.

 I am one of those developers and after more than a year, I'm sorry to say
 that we need to have substantially more serious discussions. Individual
 engineers who care is not enough. There are also other options - such as
 some of the things suggested above. I really like the idea of an
 interstitial that allows a user to see a third party read only CDN cache
 before remote code execution happens in the user's browser.

 In any case - I think we all agree that there is a serious problem here
 and we should involve our communities and not just have backroom
 communications that do not result in differences for users. There are
 millions of impacted users who are being censored from reading websites
 because of a combination of issues - every single day.

 I encourage you to use the Tor Browser for a week and report back to us
 about how well it works for you. If your experience is completely
 different from the rest of us, we'd very much like to learn about the
 different factors in your web surfing habits.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs