Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
Reporter: nullius                                | Owner: cypherpunks
Type: enhancement                                | Status: assigned
Priority: High                                   | Milestone:
Component: Applications/Tor Browser              | Version:
Severity: Major                                  | Resolution:
Keywords: security, privacy, anonymity, mitm,    | Actual Points:
  cloudflare                                     |
Parent ID: #18361                                | Points: 1000
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
warning users about MitM not end-to-end on https is important. modern
browsers also give non https the label "not secure" ! with still direct
connection and plaintext. but worse is MitM plaintext eavesdropper. This
should be a bold alarming red warning.
Replying to [comment:122 cypherpunks]:
> @cyp121
>
> > the ipranges are public
>
> You linked to Cloudflare.com's data. Unfortunately their data is
> incomplete.
> Here are all the ranges owned by the corporation. Better use it.
>
> https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/cloudflare_inc
thanks for link, i have looked quickly over it and found that it is
incomplete vice-versa. not meaning only the subnet notation difference.
but first found example official public:
{{{
2c0f:f248::/32
}}}
> I already blocked them on my gateway server and I have 0 problem.
>
> > not only cloudflare is the problem
> > But not all CDNs are in MitM position.
>
> I agree, but Cloudflare is the biggest and worst.
> Unlike normal CDNs, which serve only "static" files, CF is a full
> reverse proxy which serves dynamic contents.
>
> > cloud logo with a little metallic "∩"
>
> With orange or red color, I think.
as long as this lock will not let you falsely think you have
security. anything but not green. like there was yellow locks on mixed
content. orange will remind us of cloudflarecrime only. red like invalid
certificate.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:126>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online