[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 15:13:50 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Changes (by massar):
* cc: jeroen@… (added)
Comment:
Silly-side-track idea I am throwing out there:
Why does CloudFlare not run a .onion proxy for their sites?
That way, Tor gets rate limited through the Tor network and in addition at
that CloudFlare-run .onion node.
There is no more possibility of a DoS from an exit, as the Tor client can
go through the proxy, Tor exits that do not are not following protocol.
Thus, for the short term, keep on serving the always-broken captchas along
with the below extra details, then in the long term just a "Hi, you are
coming from Tor, please use the proxy instead, if you see this you should
have updated TBB by now...".
Thus instead of serving the captcha or in addition, serve a few extra
headers:
```
<meta name="onion-proxy" url="socks5://<hash>.onion:1080">
```
or if a direct onion exists for the site (tell folks they can configure
that, heck, charge people for that service if you want):
```
<meta name="onion-url" url="https://<hash>.onion">
```
TBB could have a built-in list of "well known proxies", e.g. the CloudFlare
ones, the ones for Akamai and many other CDNs, for others it could pop up
a "This site can be reached through Tor without leaving the Tor network,
please consider using it".
TBB can also keep a cache of 'recently seen onion-*' so that it does not
have to exit the Tor network to figure out where to go.
Normal HTTP cache times can be used if really wanted, or we can add an
'expires' tag to the meta URLs above.
For anonymity this can only be a win, as connections do not leave the Tor
network anymore, also it reduces load on the exits (which IMHO should not
exist in the first place, everything should be available in the Tor
network directly...).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:54>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
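
The meta-tag hints and the "recently seen onion-*" cache proposed in the comment above, sketched as an added example that is not part of the original message and is not Tor Browser code. The class names are hypothetical, `expires` is assumed to be an attribute holding a lifetime in seconds, and only hints whose URL host is a .onion name are accepted so that a page cannot redirect the client to a clearnet proxy.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: onion labels are 16 (v2) or 56 (v3) base32 characters.
ONION_HOST = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")
SCHEMES = {"onion-proxy": {"socks5"}, "onion-url": {"https"}}
# Constructed sample page; the onion label and the second URL are made up.
SAMPLE = ('<meta name="onion-proxy" url="socks5://abcdefghijklmnop.onion:1080">'
          '<meta name="onion-url" url="https://cdn.example/" expires="60">')


class OnionMetaParser(HTMLParser):
    """Collects <meta name="onion-*" url="..."> hints that name a .onion host."""
    def __init__(self):
        super().__init__()
        self.hints = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name, url = a.get("name"), a.get("url")
        if tag != "meta" or name not in SCHEMES or not url:
            return
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL in the hint
            return
        # Drop hints that would send the client back out of the Tor network.
        if parts.scheme in SCHEMES[name] and ONION_HOST.match(parts.hostname or ""):
            self.hints.setdefault(name, (url, a.get("expires")))


class OnionHintCache:
    """Cache of recently seen onion-* hints, keyed by (site, hint name)."""
    def __init__(self, default_ttl=3600):
        self.default_ttl, self.entries = default_ttl, {}

    def learn(self, site, html, now):
        parser = OnionMetaParser()
        parser.feed(html)
        for name, (url, exp) in parser.hints.items():
            ttl = int(exp) if exp and exp.isdigit() else self.default_ttl
            self.entries[(site, name)] = (url, now + ttl)
        return parser.hints

    def lookup(self, site, name, now):
        url, deadline = self.entries.get((site, name), (None, 0))
        return url if now < deadline else None
```

`now` is the caller's clock in seconds (for example `time.time()`); a `lookup` that returns `None` means the client has no valid hint and would have to fetch the page again.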