[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 07:13:24 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
Changes (by yawning):

 * cc: isis (added)


 cc-ing isis since this covers earlier work.

 Replying to [comment:1 marek]:
 > Disclaimer: I work for CloudFlare. Disclaimer: Comments here are
 opinions of myself, not my employer.
 > I will restrain myself and not comment on the political issues Jacob
 raised. I'll keep it technical.
 > > I would like to find a solution with Cloudflare - but I'm unclear that
 the correct answer is to create a single cookie that is shared across all
 sessions - this effectively links all browsing for the web.
 > A thousand times yes. I raised this option a couple times (supercookie)
 and we agreed this is a bad idea. I believe there is a cryptographic
 solution to this. I'm not a crypto expert, so I'll allow others to explain
 this. Let's define a problem:
 > > There are CDN/DDoS companies in the internet that provide spam
 protection for their customers. To do this they use captchas to prove that
 the visitor is a human. Some companies provide protection to many
 websites, therefore visitor from abusive IP address will need to solve
 captcha on each and all domains protected. Let's assume the CDN/DDoS don't
 want to be able to correlate users visiting multiple domains. Is it
 possible to prove that a visitor is indeed human, once, but not allow the
 CDN/DDoS company to deanonymize / correlate the traffic across many
 > In other words: is it possible to provide a bit of data (i'm-a-human)
 tied to the browsing session while not violating anonymity.

 Yes.  This is a problem that "Anonymous Credential" systems are designed
 to solve.  A example of a system with most of the properties that are
 desired is presented in Au, M. H., Kapadia, A., Susilo, W., "BLACR: TTP-
 Free Blacklistable Anonymous Credentials with Reputation"
 (https://www.cs.indiana.edu/~kapadia/papers/blacr-ndss-draft.pdf).  Note
 that this is still an active research area, and BLACR it of itself may not
 be practical/feasible to implement, and is listed only as an example since
 the paper gives a good overview of the problem and how this kind of
 primitive can be used to solve the problem.

 Isis can go into more details on this sort of thing, since she was trying
 to implement a similar thing based on Mozilla Persona (aborted attempt due
 to Mozilla Persona being crap).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list