[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 07:55:23 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |

Comment (by ioerror):

 Replying to [comment:17 arthuredelstein]:
 > Maybe CloudFlare could be persuaded to use CAPTCHAs more precisely?
 > That is, present a CAPTCHA only when:
 > 1. the server owner has specifically requested that CAPTCHAs be used
 > 2. the server is actively under DoS attack, and
 > 3. the client's IP address is currently a source of the DoS.

 That seems interesting - I wish we had data to understand if these choices
 would help - it seems opaque how "threat scores" for IP addresses are
 computed. Is there any public information about it?

 > I think it's hugely overkill to show CAPTCHAs all the time to all Tor
 users for every CloudFlare site. It's also unreasonable to maintain a
 "reputation" for a Tor exit node.

 I agree.

 > On top of this, Google's reCAPTCHA is buggy and frequently impossible to
 solve. Has CloudFlare considered other CAPTCHAs, or discussed reCAPTCHA's
 problems with Google?

 I'm also interested in understanding the dataflow - could the FBI go to
 Google to get data on all CloudFlare users? Does CF protect it? If so -
 who protects users more?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list