[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance



#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by lhi):

 Replying to [comment:23 jgrahamc]:
 > Hello. I'm CloudFlare's CTO.

 Hello. I'm yet another Tor user, victim of global mass surveillance and
 distrustful of anyone I have no reason to trust, angry after being
 repeatedly and systematically (ab)used as a CAPTCHA-solving bot by your
 network.

 >
 > ''There are companies - such as CloudFlare - which are effectively now
 Global Active Adversaries.''
 >
 > That's an inflammatory introduction. We are not adversarial to TOR as an
 entity, we are trying to deal with abuse that uses the TOR network. It's
 inevitable that a system providing anonymity gets abused (as well as
 used). I'm old enough to remember the trials and tribulations of the Penet
 remailer and spent a long time working in antispam.

 That's rich. You fully understood the meaning. You misrepresent what is
 being said, twisting the words around. The intended meaning is obviously
 that Johnny Doe user of the Tor system (which after all is based on
 distributing trust), or Tor itself, have no reason to trust the central
 and tentacular entity CloudFlare, which makes it, effectively, an
 adversary in security terms.

 >
 > Earlier @ioerror asked if there was open data on abuse from TOR exit
 nodes. In 2014 I wrote a small program called "torhoney" that pulls the
 list of exit nodes and matches it against data from Project Honeypot about
 abuse. That code is here: https://github.com/jgrahamc/torhoney. You can
 run it and see the mapping between an exit node and its Project Honeypot
 score to get a sense for abuse from the exit nodes.
 >

 This is "open data" insofar as one uncritically trusts "project honeypot"
 classification. sorry.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:70>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs