[tor-bugs] #18911 [User Experience/Website]: bitcoin donations via BitPay don't work properly for tor users (BitPay uses Cloudflare)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 31 10:31:35 UTC 2016
#18911: bitcoin donations via BitPay don't work properly for tor users (BitPay uses
Cloudflare)
-------------------------------------+---------------------------
Reporter: cypherpunks | Owner: Sebastian
Type: defect | Status: new
Priority: Medium | Milestone:
Component: User Experience/Website | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+---------------------------
Comment (by cypherpunks):
Yikes! It's despicable that torproject is using bitpay! This is wrong on
so many levels.
1) bitpay.com is insecure by design, MitM'd by CloudFlare.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835
2) CloudFlare is the most damaging adversary to the Tor community. It's an
embarrassment that Torproject is willing to patronize a CloudFlare patron,
while at the same time putting Tor users at risk to having their money
jacked. Tor is supposed to improve security, not damage security.
Possible fixes:
* Dump bitpay immediately.
Unreasonable fixes:
* Fixing the bitpay transactions so that the Tor community sponsors their
adversary and remains exposed to MitMs.
WTF!
Now that Bruce Schneier is on the board (welcome, Mr. Schneier), we expect
a solid solution to this ticket that shows that our own house is in order.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18911#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list