[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 6 11:49:37 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:  None

Comment (by tne):

 Replying to [comment:219 jgrahamc]:
 > I'm not sure that totally makes sense. It's better to think at an
 individual request level and ask "Does this request indicate abuse?" and
 then decide what to do. Of course, we can take into account other things
 as well, but we wouldn't want to wait around and measure abuse and then
 say "OK, now we'll start blocking it" because it might be too late (i.e.
 the customer may have been hacked/attacked in some way). I think both Tor
 users and our customers will be happy with a solution like that.

 The delay issue was my guess. I don't think the answer is as clear-cut
 however; it's a trade-off. Many sites will be fine with a few misses
 before your countermeasures kick in if that means they can still handle
 them easily without losing their own users/visitors whenever another
 random site at the other side of the planet is attacked from a shared IP.
 This is especially the case with spam abuse for example, which is not as
 dramatic as a breach and yet is probably the number one reason you assign
 bad rep scores (any published data on this?).

 It's not like you can catch everything all the time even now anyway, it's
 defense in depth and it's all in the numbers. Only you will know if it
 really makes sense (you have the data) and I appreciate your replies and
 the time you take to consider this suggestion. It is not for me to say of
 course, but I like to believe the suggestion is worth your time (from my
 admittedly limited perspective, I see potential to calm many people down
 this way -- it is not mine although it is an obvious one, many people are
 asking here and elsewhere).

 I agree wholeheartedly with your mention of focusing on individual
 requests instead (who wouldn't?). The problem is, it's just a promise at
 this point. If you could really do it efficiently and reliably, this
 entire discussion would be moot -- you could drop IP rep altogether.
 However, you don't, so evidently you can't (yet) do it efficiently and
 reliably, and timing matters. Whatever long-term plans CF might have
 regarding a strictly request-level approach, any short-term compromises
 will help. Also, can we honestly believe strictly-request-level solutions
 will someday be completely satisfactory? Data correlation is extremely
 powerful and the temptation (or even pressure from your customers, direct
 or indirect) will always remain to leverage it (as evidenced by your
 apparently very successful IP reputation system). Attempting to reduce
 CF's reliance on it is a noble goal that I support, I'm just afraid it is
 only a mirage that will only perpetuate the status quo (which, in my view
 and that of many others, is hardly tenable). Hopefully I don't come across
 as a defeatist, I'm just trying to be realistic (hence the more nuanced

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:220>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list