
Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by marek):

 Disclaimer: I work for CloudFlare. Disclaimer: Comments here are opinions
 of myself, not my employer.

 I will restrain myself and not comment on the political issues Jacob
 raised. I'll keep it technical.

 > I would like to find a solution with Cloudflare - but I'm unclear that
 > the correct answer is to create a single cookie that is shared across all
 > sessions - this effectively links all browsing for the web.

 A thousand times yes. I raised this option a couple times (supercookie)
 and we agreed this is a bad idea. I believe there is a cryptographic
 solution to this. I'm not a crypto expert, so I'll allow others to explain
 this. Let's define a problem:

 > There are CDN/DDoS companies on the internet that provide spam
 > protection for their customers. To do this they use captchas to prove that
 > the visitor is a human. Some companies provide protection to many
 > websites, therefore a visitor from an abusive IP address will need to solve
 > a captcha on each and all domains protected. Let's assume the CDN/DDoS don't
 > want to be able to correlate users visiting multiple domains. Is it
 > possible to prove that a visitor is indeed human, once, but not allow the
 > CDN/DDoS company to correlate the traffic?

 In other words: is it possible to provide a bit of data tied to the
 browsing session while not violating anonymity?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs