[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
    Tor Bug Tracker & Wiki 
    blackhole at torproject.org
       
    Mon Feb 22 06:22:06 UTC 2016
    
    
  
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------
Comment (by marek):
 Disclaimer: I work for CloudFlare. Disclaimer: Comments here are my own
 opinions, not my employer's.
 I will restrain myself and not comment on the political issues Jacob
 raised. I'll keep it technical.
 > I would like to find a solution with Cloudflare - but I'm unclear that
 > the correct answer is to create a single cookie that is shared across all
 > sessions - this effectively links all browsing for the web.
 A thousand times yes. I raised this option a couple times (supercookie)
 and we agreed this is a bad idea. I believe there is a cryptographic
 solution to this. I'm not a crypto expert, so I'll allow others to explain
 this. Let's define a problem:
 > There are CDN/DDoS companies on the Internet that provide spam
 > protection for their customers. To do this they use captchas to prove that
 > the visitor is a human. Some companies provide protection to many
 > websites, therefore a visitor from an abusive IP address will need to solve
 > a captcha on each and every protected domain. Let's assume the CDN/DDoS
 > company doesn't want to be able to correlate users visiting multiple
 > domains. Is it possible to prove that a visitor is indeed human, once, but
 > not allow the CDN/DDoS company to correlate the traffic?
 In other words: is it possible to provide a bit of data tied to the
 browsing session while not violating anonymity?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
    
    