[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 07:24:12 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |

Comment (by marek):

 @ioerror: you are doing this again. You are mixing your opinions with
 technical reality. Please stop insulting me. Please focus on what can we
 can technically do to fix the problem.

 > Here is a non-cryptographic, non-cookie based solution: Never prompt for
 a CAPTCHA on GET requests.

 There are a number of problems with this model.

 (POST is hard) First, what actually the proxy should *do* on the POST?
 Abort your POST, serve captcha, and ask you to fill the POST again? Or
 accept your 10meg upload, serve captcha and ask you to upload it again?
 Now think about proxy behaviour during an attack. Doing captcha validation
 on POST is not a trivial thing.

 (blocking regions) Second, during an "attack" (call it ddos or something)
 the website owners often decide to block traffic from ceirtain regions.
 Many businesses care only about visitors from some geographical region,
 and in case of a DDoS are happy to just DROP traffic from other regions.
 This is not something to like or dislike. This is a reality for many
 website owners. Serving captcha is strictly better than disallowing the
 traffic unconditionally.

 (Not only spam, load as well) Third, there regularly are bot "attacks"
 that just spam website with continous flood of GET requests, for example
 to check if the offered product is released, the promotion started or
 price updated. This is a problem for some website owners and they wish to
 allow only traffic from vetted sessions.

 The underlying problem, is that for any ddos / spam protection system the
 source IP address is a very strong signal. Unfortunately many Tor exit
 IP's have bad IP reputation, because they _ARE_ often used for unwanted


 > What sort of data would qualify as an 'i'm a human' bit?

 Let's start with something not-worse than now: a captcha solved in last
 <XX> minutes.

 > This sounds very much like something that could be provided through the
 use of zero-knowledge proofs

 Yup. What do we do to implement one both on ddos protection side and on
 TBB side?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list