[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 06:50:17 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
Changes (by ioerror):

 * cc: arthuredelstein (removed)


 Replying to [comment:1 marek]:
 > Disclaimer: I work for CloudFlare. Disclaimer: Comments here are
 > opinions of myself, not my employer.

 Could you please ask your employer or other coworkers to come and talk
 with us openly? Many members of our community, some of whom are also your
 (server side) users, are extremely frustrated. It is in the best interest
 of everyone to help find a solution for those users.

 > I will restrain myself and not comment on the political issues Jacob
 > raised. I'll keep it technical.

 What specifically is political versus technical? That CF is now a GAA?
 That CF does indeed gather metrics? That CF does run untrusted (by me, or
 other users) in our browsers? That your metrics count as a kind of
 surveillance that is seemingly linked with a PRISM provider?

 > > I would like to find a solution with Cloudflare - but I'm unclear that
 > > the correct answer is to create a single cookie that is shared across all
 > > sessions - this effectively links all browsing for the web.
 > A thousand times yes. I raised this option a couple times (supercookie)
 > and we agreed this is a bad idea.

 What is the difference between one super cookie and ~1m cookies on a per
 site basis? The anonymity set appears to be *strictly* worse. Or do you
 guys not do any stats on the backend? Do you claim that you can't and
 don't link these things?

 > I believe there is a cryptographic solution to this. I'm not a crypto
 > expert, so I'll allow others to explain this. Let's define a problem:

 > > There are CDN/DDoS companies in the internet that provide spam
 > > protection for their customers. To do this they use captchas to prove that
 > > the visitor is a human. Some companies provide protection to many
 > > websites, therefore visitor from abusive IP address will need to solve
 > > captcha on each and all domains protected. Let's assume the CDN/DDoS don't
 > > want to be able to correlate users visiting multiple domains. Is it
 > > possible to prove that a visitor is indeed human, once, but not allow the
 > > CDN/DDoS company to deanonymize / correlate the traffic across many

 Here is a non-cryptographic, non-cookie based solution: Never prompt for a
 CAPTCHA on GET requests.

 For such a user - how will you protect any information you've collected
 from them? Will that information be of higher value or richer technical
 information if there is a cookie (super, regular, whatever) tied to that

 > In other words: is it possible to provide a bit of data (i'm-a-human)
 > tied to the browsing session while not violating anonymity.

 This feels like a trick question - behavioral analysis is in itself
 reducing the anonymity set by adding at least one bit of information. My
 guess is that it is a great deal more than a single bit - especially over

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
