Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:
                                                 |  cypherpunks
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:  1000
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 warning users about MitM not end-to-end on https is important. modern
 broswers also give non https the label "not secure" ! with still direct
 connection and plaintext. but worse is MitM plaintext eavesdropper. This
 should be a bold alarming red warning.

 Replying to [comment:122 cypherpunks]:
 > @cyp121
 >
 > > the ipranges are public
 >
 > You linked to Cloudflare.com's data. Unfortunately their data is
 imcomplete.
 > Here is the all ranges owned by the corporation. Better use it.
 >
 > https://codeberg.org/crimeflare/cloudflare-
 tor/src/branch/master/cloudflare_inc
 thanks for link, i have looked quickly over it and found that it is
 incomplete vice-versa. not meaning only the subnet notation difference.
 but first found example official public:
 {{{
 2c0f:f248::/32

 }}}

 > I already blocked them on my gateway server and I have 0 problem.
 >
 > > not only cloudflare is the problem
 > > But no all CDN are in MitM position.
 >
 > I agree, but the Cloudflare is the biggest and worst.
 > Unlike normal CDNs which serves only "static" files, CF is a full
 reverse proxy
 > which serving dynamic contents.
 >
 > > cloud logo with a little metallic "∩"
 >
 > With orange or red color, I think.
 as long this lock will not let you give you falsely think you have
 security. anything but not green. like there was yellow locks on mixed
 content. orange will remind us of cloudflarecrime only. red like invalid
 certificate.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:126>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs