[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 1 11:35:41 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Comment (by jgrahamc):
Replying to [comment:184 cypherpunks]:
> Replying to [comment:182 jgrahamc]:
> > I'm not sure how you come up with the 5% number but I think you
underestimate how complicated deciding what R/O is in the web. Plenty of
attacks come through GET requests. Doing the R/O mode seems like a nasty
hack.
>
> To me R/O would be delivering the cache that you have. The request would
never see the actual website. This would also discourage adversaries that
repeatedly pull websites to have an automated advantage at idk ticket
sales as the cache does not have to be the most recent.
There are a lot of assumptions here. For example, this assumes that we
have all the pages in cache and all the assets. It assumes that web pages
can be displayed without any POSTs happening (so nothing dynamic at all).
In addition it ignores what happens if a Tor user comes to CloudFlare and
we don't have the item in cache, or the item is outdated.
This idea just kicks the ball down the line. The right solution is to
allow Tor users who are not behaving in a malicious manner 'normal' access
to the web.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:185>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list