[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 14:44:20 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |

Comment (by lunar):

 Replying to [comment:23 jgrahamc]:
 > Earlier @ioerror asked if there was open data on abuse from TOR exit
 nodes. In 2014 I wrote a small program called "torhoney" that pulls the
 list of exit nodes and matches it against data from Project Honeypot about
 abuse. That code is here: https://github.com/jgrahamc/torhoney. You can
 run it and see the mapping between an exit node and its Project Honeypot
 score to get a sense for abuse from the exit nodes.
 > I ran the program today and have data on 1,057 exit nodes showing that
 Project Honeypot marks 710 of them as a source of comment spam (67%) with
 567 having a score of greater than 25 (in the Project Honeypot terminology
 meaning it delivered at least 100 spam messages) (54%). Over time these
 values have been trending upwards. I've been recording the Project
 Honeypot data for about 13 months that the percentage of exit nodes that
 were listed as a source of comment spam was about 45% a year ago and is
 now around 65%.

 Could run the exact same test against all Comcast IP addresses aggregated
 as just once or another significant ISP?

 In the context of Tor, large exit nodes have as many users behind them as
 a whole IPv4 /16 or IP addresses used for [https://en.wikipedia.org/wiki
 /Carrier-grade_NAT Carrier-grade NAT].

 How are you handling CGNs so far?

 One piece of understanding that I feel Marek and you might be missing is
 that with Tor Browser, every domain (the darkest part of the URL in
 Firefox / Tor Browser) will different Tor circuits and different cookies.
 I don't think this match the experiment you had with your team: Tor users
 will get CAPTCHAs for every single CloudFlare domain, and for each of
 these domains, multiple times a day.

 Please ask your developers experiment using Tor Browser are their sole
 browser. I bet they will start to—at least—campaign StackOverflow to turn
 off the CAPTCHAs.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:49>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list