[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 06:50:17 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Changes (by ioerror):
* cc: arthuredelstein (removed)
Comment:
Replying to [comment:1 marek]:
> Disclaimer: I work for CloudFlare. Disclaimer: Comments here are
opinions of myself, not my employer.
>
Could you please ask your employer or other coworkers to come and talk
with us openly? Many members of our community, some which are also your
(server side) users, are extremely frustrated. It is in the best interest
of everyone to help find a solution for those users.
> I will restrain myself and not comment on the political issues Jacob
raised. I'll keep it technical.
>
What specifically is political versus technical? That CF is now a GAA?
That CF does indeed gather metrics? That CF does run untrusted (by me, or
other users) in our browsers? That your metrics count as a kind of
surveillance that is seemingly linked with a PRISM provider?
> > I would like to find a solution with Cloudflare - but I'm unclear that
the correct answer is to create a single cookie that is shared across all
sessions - this effectively links all browsing for the web.
>
> A thousand times yes. I raised this option a couple times (supercookie)
and we agreed this is a bad idea.
What is the difference between one super cookie and ~1m cookies on a per
site basis? The anonymity set appears to be *strictly* worse. Or do you
guys not do any stats on the backend? Do you claim that you can't and
don't link these things?
> I believe there is a cryptographic solution to this. I'm not a crypto
expert, so I'll allow others to explain this. Let's define a problem:
>
> > There are CDN/DDoS companies in the internet that provide spam
protection for their customers. To do this they use captchas to prove that
the visitor is a human. Some companies provide protection to many
websites, therefore visitor from abusive IP address will need to solve
captcha on each and all domains protected. Let's assume the CDN/DDoS don't
want to be able to correlate users visiting multiple domains. Is it
possible to prove that a visitor is indeed human, once, but not allow the
CDN/DDoS company to deanonymize / correlate the traffic across many
domains?
Here is a non-cryptographic, non-cookie based solution: Never prompt for a
CAPTCHA on GET requests.
For such a user - how will you protect any information you've collected
from them? Will that information be of higher value or richer technical
information if there is a cookie (super, regular, whatever) tied to that
data?
> In other words: is it possible to provide a bit of data (i'm-a-human)
tied to the browsing session while not violating anonymity.
This feels like a trick question - behavioral analysis is in itself
reducing the anonymity set by adding at least one bit of information. My
guess is that it is a great deal more than a single bit - especially over
time.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list