[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 13:03:50 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Comment (by ioerror):
Replying to [comment:23 jgrahamc]:
> Hello. I'm CloudFlare's CTO.
>
> ''There are companies - such as CloudFlare - which are effectively now
Global Active Adversaries.''
>
> That's an inflammatory introduction. We are not adversarial to TOR as an
entity, we are trying to deal with abuse that uses the TOR network.
It is a statement of facts about capabilities. It is not inflammatory -
Tor must take into account that Google, for example, can run arbitrary
code from many thousands of websites visited in Tor Browser.
To say that CF is not adversarial is awkward - Tor users are prevented
from browsing the web and are constantly blocked. I do not believe that CF
has yet made this a specific act of malice, of course. To design such a
system without considering how it will impact Tor users and then working
with us is however seriously problematic as we see from user reports.
> It's inevitable that a system providing anonymity gets abused (as well
as used). I'm old enough to remember the trials and tribulations of the
Penet remailer and spent a long time working in antispam.
Centralization ensures that your company is a high value target. The
ability to run code in the browsers of millions of computers is highly
attractive. The fact that CF and Google appear to both appear in those
captcha prompts probably ensures CF isn't even in control of the entirety
of the risk. Is it the case that for all the promises CF makes, Google is
actually in control of the Captcha - and thus is by proxy given the
ability to run code in the browsers of users visiting CF terminated sites?
Should we be reaching out to Google here?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list