[tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Nov 19 04:21:57 UTC 2017
#24351: Block Global Active Adversary Cloudflare
-------------------------------------+-------------------------------------
Reporter: nullius | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: security, privacy,
Severity: Normal | anonymity, mitm, cloudflare
Actual Points: | Parent ID: #18361
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
#18361 and its comments adequately summarize the general problem with
Cloudflare’s MITM attack on the Internet. I need not repeat, save to
emphasize that when Tor Browser alleges it has a secure (TLS) connection,
it is '''lying to the user''' if the connection runs through a known MITM.
A reasonable workaround is for Tor Browser to block all Cloudflare sites
loaded through HTTPS, or ''at least'' warn the user when such a site is
loaded. This can be done by detecting the non-standard `CF-Ray:` HTTP
header.
I suggest that this security enhancement should be tied to the Security
Slider. On High, all HTTPS connections which receive said response header
should immediately terminate, with an error message given to the user. On
Medium, the user should be warned and asked whether Tor Browser should
proceed. On Low, where all manner of mischief is allowed by default (even
non-TLS-loaded Javascript!), Cloudflare page loads may be permitted
without warning. Users who run on the Low setting are begging to be
pwned, anyway.
As an ancillary benefit, this feature will also obviate the specious
reasoning behind demands to bundle untrusted third-party software with Tor
Browser. See #24321.
Perhaps most visibly from a user experience and support perspective, this
feature will also save users much wasted time solving pointless CAPTCHAs
to visit sites which are mostly idiotic, anyway. This should result in
reduced user complaints about network breakage deliberately caused by
third parties outside the Tor Project’s control.
See also Debian bug: https://bugs.debian.org/831835
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list