[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 11:55:54 UTC 2016


#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by cypherpunks):

 See responses inline.

 Replying to [comment:23 jgrahamc]:

 >
 > ''Using CF as an example - they do not appear open to working together
 in open dialog,''
 >
 > Really? We've had multiple contacts with people working on TOR through
 events like Real World Crypto and have been trying to come up with a
 solution that will protect web sites from malicious use of TOR while
 protecting the anonymity of TOR users (such as myself).


 Yes, really.

 > We rolled out special handling of the TOR network so that users should
 not see a CAPTCHA on a circuit change.

 This has never worked, and I say that as someone who uses the Tor Browser
 Bundle every day.


 >We also changed the CAPTCHA to the new one since the old was serving very
 hard to handle text CAPTCHAs to TOR users.

 You should know that the CAPTCHA still works about 1 in 20 times in my
 experience, and that hasn't changed at all after you switched to the "new
 one."

 > The crypto guys who work for me are interested in blinded tokens as a
 way to solve both the abuse problem and preserve anonymity.

 That's nice but you're still completely censoring my use of your
 customer's websites all day every day.


 > I ran the program today and have data on 1,057 exit nodes showing that
 Project Honeypot marks 710 of them as a source of comment spam (67%) with
 567 having a score of greater than 25 (in the Project Honeypot terminology
 meaning it delivered at least 100 spam messages) (54%). Over time these
 values have been trending upwards. I've been recording the Project
 Honeypot data for about 13 months that the percentage of exit nodes that
 were listed as a source of comment spam was about 45% a year ago and is
 now around 65%.

 This is not a relevant fact for the vast majority of users whose right to
 read your company infringes on.

 >
 > So, I'm interested in hearing about technical ways to resolve these
 problems. Are there ways to reduce the amount of abuse through TOR? Could
 TorBrowser implement a blinded token scheme that would preserve anonymity
 and allow a Turing Test?

 You clearly don't understand the clearly articulated problem as it as
 described, and if you expect people to solve your team's inability to
 implement a censorship system, I hope you find the help you need.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list