[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] You Can Now Watch YouTube Videos with Onion Hidden Services



bo0od writes:

> This is another front end to YouTube:

Hi bo0od,

Thanks for the links.

This seems to be in a category of "third-party onion proxy for clearnet
service" which is distinct from the situation where a site operator
provides its own official onion service (like Facebook's facebookcorewwwi,
which the company has repeatedly noted it runs itself on its own
infrastructure).

Could you explain how this kind of design improves users' privacy or
security compared to using a Tor exit node to access the public version
of YouTube?  In this case the proxy will need to act as one side of
users' TLS sessions with YouTube, so it's in a position to directly
record what (anonymous) people are watching, uploading, or writing --
unlike an ordinary exit node which can at most try to infer these
things from traffic analysis.  Meanwhile, it doesn't prevent YouTube
from gathering that same information about the anonymous users, meaning
that this information about users' activity on YouTube can potentially
tbe gathered by wo entities rather than just one.

The proxy could also block or falsely claim the nonexistence of selected
videos, which a regular exit node couldn't do, and if its operator knew
a vulnerability in some clients' video codecs, it could also serve a
maliciously modified video to attack them -- which YouTube could do, but
a regular exit node couldn't.

Are there tradeoffs that make these risks worth it for some set of
users?  Maybe teaching people more about how onion services work, or
showing YouTube that there's a significant level of demand for an
official onion service?

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk