[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:
                                                 |  cypherpunks
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:  1000
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by kareldonk):

 About two years ago Cloudflare’s CEO Matthew Prince mentioned how nobody
 should have the power to decide whether or not someone should be allowed
 on the Internet, after he decided to take down The Daily Stormer website.
 Here’s what the moron had to say:

     Literally, I woke up in a bad mood and decided someone shouldn’t be
 allowed on the Internet. No one should have that power.

 Well guess what? Today Prince decided to stop providing services to 8chan
 after the mass shootings in Texas; as he explains on the Cloudflare blog:

     We do not take this decision lightly. Cloudflare is a network
 provider. In pursuit of our goal of helping build a better internet, we’ve
 considered it important to provide our security services broadly to make
 sure as many users as possible are secure, and thereby making cyberattacks
 less attractive — regardless of the content of those websites. […] We
 reluctantly tolerate content that we find reprehensible, but we draw the
 line at platforms that have demonstrated they directly inspire tragic
 events and are lawless by design. 8chan has crossed that line. It will
 therefore no longer be allowed to use our services.

     Unfortunately, we have seen this situation before and so we have a
 good sense of what will play out. Almost exactly two years ago we made the
 determination to kick another disgusting site off Cloudflare’s network:
 the Daily Stormer. That caused a brief interruption in the site’s
 operations but they quickly came back online using a Cloudflare
 competitor.

     …

     I have little doubt we’ll see the same happen with 8chan. While
 removing 8chan from our network takes heat off of us, it does nothing to
 address why hateful sites fester online.

 I’m sorry, come again? I thought you said “nobody should have the power to
 decide who’s allowed on the Internet”? Looks like Prince is more
 interested in being politically correct and “taking the heat off” of
 Cloudflare instead of doing the right thing — which is to not censor or
 deplatform anyone.

 But a more alarming quote from his blog post is the following:

     In the two years since the Daily Stormer what we have done to try and
 solve the Internet’s deeper problem is engage with law enforcement and
 civil society organizations to try and find solutions. Among other things,
 that resulted in us cooperating around monitoring potential hate sites on
 our network and notifying law enforcement when there was content that
 contained an indication of potential violence. We will continue to work
 within the legal process to share information when we can to hopefully
 prevent horrific acts of violence.

 You mean surveillance, right Matthew? Spying? Is this why Cloudflare wants
 to man-in-the-middle (MITM) all ((encrypted) (HTTP)) traffic on the
 Internet? I guess sooner or later the mask had to begin coming off right?
 Looks like Cloudflare is going down the same path of breaking all privacy
 and security on the Internet like Facebook.

 This is exactly why I said before that Cloudflare cannot be trusted with
 their 1.1.1.1 App and Warp VPN service:

     This product seems to fit into their general strategy of wanting to
 man-in-the-middle (MITM) themselves into most of the traffic on the
 Internet, […] The question is, can you trust them? Do you want to take the
 risk of trusting them? Keep in mind that if you use their Warp VPN
 product, they will be able to see and inspect all your Internet
 communications, and will  be able to block you from visiting certain
 websites if they want to. Or perhaps even serve you a completely different
 version of a website without you realizing it. And yes, this is a
 possibility for every VPN out there, not just Cloudflare’s Warp. But
 again, the thing about Cloudflare is that they have already demonstrated
 to act contrary to their promise to “protect” their users from attacks.
 They have demonstrated to break promises, just like other corporations
 such as Facebook.

 The same goes for their IPFS gateway; it can’t be trusted. So let me be
 clear and reiterate what I said before: “anyone who trusts Cloudflare
 today has got to be a fucking idiot.”

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:138>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs