Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Comment (by jeffburdges):
Just to clarify: adding auto-pay support to Taler is basically the same
solution being discussed internally at CloudFlare. We just have working
blind signing code that runs in the browser already done. :)

These CAPTCHAs won't be so annoying if you solve one CAPTCHA for x page
loads access everything, even across TBB sessions. As opposed to one
CAPTCHA per domain per TBB session. It's just amortizing the CAPTCHAs
really.

ioerror, I agree that tokens for merely viewing web pages is extreme. We
should absolutely continue lobbying CloudFlare to apply their filters more
precisely. We do still need a token-based scheme for anything that
triggers SQL though because asking Tor users to solve a CAPTCHA anytime
they want to post anything is also extreme.

Also, one could imagine issuing tokens in other ways besides CAPTCHAs once
we have an auto-pay blind signing based infrastructure deployed. I
dislike most ideas in this space, like a Facebook app that gives you
CloudFlare tokens. ;)

As an aside, there is an interesting anonymous white/black listing
protocol implicit in Taler's refresh protocol: if you do not misbehave
then you get your token refunded, meaning far fewer CAPTCHAs. I think
refreshing tokens offers stronger anonymity than all the anonymous
white/black listing protocols that I've seen in the literature (see Isis'
comment, although I haven't read BLACR). It's even post-quantum. Now
Taler's refresh protocol costs 3ish RSA signatures, while a simpler coin
refresh costs only one, but Taler's refresh helps obstruct a market token
distribution though. I can explain all this in person if you like, but
probably any near term deployment would avoid refreshing entirely.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:55>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
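
The CAPTCHA amortization described in the comment above, sketched as an added example (not code from the ticket, Taler, or CloudFlare): one solved CAPTCHA yields a batch of x blind-signed tokens, each redeemable once without the issuer being able to link it to the issuance. The RSA key is a constructed toy, the hash encoding is simplified, and all names (`Issuer`, `blind`, `unblind`, `demo`) are hypothetical.

```python
import hashlib
import math
import secrets

# Toy RSA key from two Mersenne primes: constructed for this demo, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(token: bytes) -> int:
    """Hash a token into Z_N (simplified; a real scheme needs a proper encoding)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes):
    """Client: hide h(token) behind a random factor r^E before sending it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Client: strip r to obtain an ordinary signature on h(token)."""
    return (blind_sig * pow(r, -1, N)) % N

class Issuer:
    def __init__(self):
        self.spent = set()  # redeemed tokens, kept to reject replays

    def sign_batch(self, captcha_solved: bool, blinded: list) -> list:
        """One solved CAPTCHA buys signatures on a whole batch of blinded values."""
        return [pow(b, D, N) for b in blinded] if captcha_solved else []

    def redeem(self, token: bytes, sig: int) -> bool:
        """Accept a token once if its signature verifies; the token was never seen at issuance."""
        if token in self.spent or pow(sig, E, N) != h(token):
            return False
        self.spent.add(token)
        return True

def demo(x: int = 5):
    issuer = Issuer()
    tokens = [secrets.token_bytes(16) for _ in range(x)]
    pairs = [blind(t) for t in tokens]
    sigs = issuer.sign_batch(True, [b for b, _ in pairs])
    wallet = [(t, unblind(s, r)) for t, s, (_, r) in zip(tokens, sigs, pairs)]
    unlinkable = all(b != h(t) for t, (b, _) in zip(tokens, pairs))
    page_loads = [issuer.redeem(t, s) for t, s in wallet]
    replay = issuer.redeem(*wallet[0])  # spending the same token twice must fail
    return unlinkable, page_loads, replay
```

The wallet of `(token, signature)` pairs is plain data, so it can be stored and spent across browser sessions, which is what lets one CAPTCHA cover x page loads.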