[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare



#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:
                                                 |  cypherpunks
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare, TorBrowserTeamTriaged              |
Parent ID:  #18361                               |         Points:  1000
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by ptaff):

 No matter how hard you work at protecting your privacy, trying to avoid
 tracking by Facebook and Google, installing adblockers and everything,
 those Cloudflare servers effectively MITM 10-15% of the world websites in
 the name of Denial-of-Service protection.

 Many, many of those websites "protected" by Cloudflare have their HTTPS
 certificate owned by Cloudflare; Cloudflare hence sees the communication
 in the clear. Credit card numbers and all.

 Thus they can build an impressive tracking system for users, with very
 high quality personal data.

 They now offer DNS resolution, trying to enrich their user tracking by
 adding data about traffic to servers not "protected" by Cloudflare.

 They disgust me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:177>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs