Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by jgrahamc):

 Replying to [comment:35 ioerror]:
 > This is useful though it is unclear - is this what CF uses on the
 backend? Is this data the reason that Google's captchas are so hard to
 solve?

 It's a data source that we use for IP reputation. I was using it as
 illustrative as well because it's a third party. I don't know if there's
 any connection between Project Honeypot and Google's CAPTCHAs.

 > Offering a read only version of these websites that prompts for a
 captcha on POST would be a very basic and simple way to reduce the flood
 of upset users. Ensuring that a captcha is solved and not stuck in a 14 or
 15 solution loop is another issue - that may be a bug unsolvable by CF but
 rather needs to be addressed by Google. Another option, as I mentioned
 above, might be to stop a user before ever reaching a website that is
 going to ask them to run javascript and connect them between two very
 large end points (CF and Google).

 I'm not convinced about the R/O solution. Seems to me that Tor users would
 likely be more upset the moment they got stale information or couldn't
 POST to a forum or similar. I'd much rather solve the abuse problem and
 make this go away completely. Also, the CAPTCHA-loop thing is an issue
 that needs to be addressed by us and Google.

 I still think the blinded tokens thing is going to be interesting to
 investigate because it would help anonymously prove that the User-Agent
 was controlled by a human and could be sent eliminating the need for any
 JavaScript.

 > Does Google any end user connections for those captcha requests?

 Can you rewrite that? Couldn't parse it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:37>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs