[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 6 10:01:08 UTC 2016 

#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:  None
------------------------------------------+--------------------------

Comment (by jgrahamc):

 Replying to [comment:218 tne]:
 > Replying to [comment:217 jgrahamc]:
 > Sure, I think we all understand that; the decision to block using a
 CAPTCHA is based on the reputation of the origin IP only. Can you, in
 addition, take into account the status of the destination site? (Similar
 to what you do in DDoS situations when you classify sites as "Under
 attack" in order to, as I understand it, deploy different
 countermeasures.)

 We will throw CAPTCHAs in other situations not just for IP reputation.
 CAPTCHA is one of a number of countermeasures we have and is used in
 different ways.

 > So: if the site is "actively observing abuse" and the IP has bad
 reputation, block using a CAPTCHA as usual. If the site is not "actively
 observing abuse" or the IP reputation is good, let the request go through.
 >
 > My question (hopefully clarified now) is: How hard would it be to
 establish (and remove) this "observing abuse" status (if it makes sense at
 all)?

 I'm not sure that totally makes sense. It's better to think at an
 individual request level and ask "Does this request indicate abuse?" and
 then decide what to do. Of course, we can take into account other things
 as well, but we wouldn't want to wait around and measure abuse and then
 say "OK, now we'll start blocking it" because it might be too late (i.e.
 the customer may have been hacked/attacked in some way). I think both Tor
 users and our customers will be happy with a solution like that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:219>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list