[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 06:57:38 UTC 2016


#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
------------------------------------------+--------------------------

Comment (by willscott):

 Replying to [comment:1 marek]:
 > > There are CDN/DDoS companies in the internet that provide spam
 protection for their customers. To do this they use captchas to prove that
 the visitor is a human. Some companies provide protection to many
 websites, therefore visitor from abusive IP address will need to solve
 captcha on each and all domains protected. Let's assume the CDN/DDoS don't
 want to be able to correlate users visiting multiple domains. Is it
 possible to prove that a visitor is indeed human, once, but not allow the
 CDN/DDoS company to deanonymize / correlate the traffic across many
 domains?
 >
 > In other words: is it possible to provide a bit of data (i'm-a-human)
 tied to the browsing session while not violating anonymity.
 >
 >
 This sounds very much like something that could be provided through the
 use of zero-knowledge proofs. It doesn't seem clear to me that being able
 to say "this is an instance of tor which has already answered a bunch of
 captcha's" is actually useful. I think the main problem with captchas at
 this point is that robots are just about as good at answering them as
 humans. Apparently robots are worse than humans at building up tracked
 browser histories. That seems like a harder property for a tor user to
 prove.

 What sort of data would qualify as an 'i'm a human' bit?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list