[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Advice regarding Cloudflare



On Sun, 3 Apr 2016 00:37:45 -0700
Ryan Carboni <ryacko@xxxxxxxxx> wrote:> >
> > (as opposed to the people that seem to think that Exits
> > should actively combat abuse by having the capability for
> > censorship).
> >
> >
> Well, a large number of exit nodes already have the capability for a
> man-in-the-middle attack. This capability could very well be a default
> option.

There's legal/ethical issues with that sort of thing.  In the bright
future (more modern versions of HTTP for example), encryption is going
to be the default.

An anonymity system that mounts active-man-in-the-middle attacks
against TLS (or QUIC's encryption) isn't anything I'll be working
on.

>  b) In your magic world, how would accessing any site that uses
> >     multiple hosts for content to work?

> [snip]
> This might seem patronizing, but you seem genuinely ignorant.

No.  I was wondering how a poorly thought out idea is supposed to
not negatively impact anonymity given that bundling multiple endpoints
over a single circuit is good for anonymity.

It was a genuine technical question.

[snip]
> By any reasonable definition of ethics, one must find a middle
> ground, and essentially, Cloudflare has all the negotiating power,
> unless you plan on personally battering down the doors of Cloudflare.
 
Well, I did write an addon that just fetches content from archive.is
whenever I get a Captcha.  Does that count?

> Perhaps a maximum of 63 domain names (forgot Cloudflare only has a
> dozen IPs) per Tor circuit could be done.

You have a definition of "a dozen" that doesn't match one that I'm
familiar with (https://archive.is/eSl37).

Anyway, it's easy for clients to request multiple circuits.  An
anonymity system where the Exit possesses linkable client identifiers
between circuits/sessions is also a poor anonymity system.

*plonk*

-- 
Yawning Angel

Attachment: pgp4GeHjC3UtO.pgp
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev