[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by jeffburdges):

 We're adding an "auto-pay" option to the auditor signing keys in GNU Taler
 to allow the creation of denomination signing keys for automatic payments
 without user confirmation.  https://taler.net/

 Automatic payments are a potential deanonymization vector if the attacker
 can issue as many denomination keys as they like.  We'd therefore envision
 the Tor project being the auditor who limits the issuing of new
 denomination signing keys.

 Ideally, CloudFlare would run a mint whose denomination keys the Tor
 project signs every few months.  Anytime a TBB user solves a CloudFlare
 CAPTCHA they'd receive stash of token that TBB automatically uses to
 access pages.

 We've actually had some limited discussions with CloudFlare about doing
 this.  I'll speak about it some at the Tor dev meeting later this week.
 Along with several interesting variations.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:45>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs