[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Block Global Active Adversary Cloudflare



On 2018-01-10 at 23:25:05 +0000, teor <teor2345@xxxxxxxxx> wrote:
Sending every remote site address from the Tor process to an extension increases the surface area for attacks.

[...]

This gives the extension access to the content of every encrypted page.

[...]

Please develop a least-authority design. Don't become the new CloudFlare.

Hello, teor,

You evidently conflated two discrete options I discussed: One for an IP-blacklisting Tor controller process completely separate from the browser or any other application; and the other for an application-level browser extension which would be as benign as NoScript. (N.b., NoScript has “access to the content of every encrypted page”.)

The former was just an off-the-cuff thought of how Core Tor could be made to block undesired destinations in the manner of a firewall (or router null-route), without modifying Core Tor or requiring any sort of proposal process. It would *not* interact with the browser. Even if it somehow did, I don’t see how you think it would obtain the contents of encrypted pages. What I described does not work that way, on its face. Most of all, it would NOT be part of the browser. Giving the browser (or extensions living inside the browser process) unfettered control port access would be both stupid and insane, and I am neither; indeed, I never run Tor Browser in its stock configuration because that gives it *far* too much access to Tor already (and I agree with pretty much everything Yawning said here: [0]).

The latter is a browser extension which already exists, in the wild, today. It works by detecting Cloudflare-specific HTTP response headers which Cloudflare injects (and which Cloudflare would not be able to inject, if they did not actively MITM the TLS connection). It also works with non-Tor Firefox, without any Tor at all; it obviously does not interact with the Tor process in any way, shape, or form.

https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/

https://github.com/nym-zone/block_cloudflare_mitm_fx

(Not written by me. I’m really a C guy, not a Javascript guy. I am simply trying to facilitate and encourage development.)

Really, please, don’t mistake my proposal as something totally moronic. I will not be accused of trying to build some wack-job Tor controller into a web browser extension (!), or anything tantamount to that.

[0] https://lists.torproject.org/pipermail/tbb-dev/2018-January/000736.html

--
nullius@xxxxxxxx | PGP ECC: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C
Bitcoin: bc1qcash96s5jqppzsp8hy8swkggf7f6agex98an7h | (Segwit nested:
3NULL3ZCUXr7RDLxXeLPDMZDZYxuaYkCnG)  (PGP RSA: 0x36EBB4AB699A10EE)
“‘If you’re not doing anything wrong, you have nothing to hide.’
No!  Because I do nothing wrong, I have nothing to show.” — nullius

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev