[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 7 05:55:08 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |

Comment (by yawning):

 Replying to [comment:192 cypherpunks]:
 > Replying to [comment:190 yawning]:
 > > Proof of concept, if you actually use this for anything other than
 "testing said proof of concept" you get what you deserve.  The README.md
 has dire warnings about reduction in anonymity, and I will point and laugh
 at people that have bad things happen to them.
 > >
 > > https://git.schwanenlied.me/yawning/cfc
 > archive.li (which is what archive.is serves all the images from) is
 using cloudflare now :(

 Proof of concept is a proof of concept.  Switching the archive service
 used is a one line change (Suggestions accepted, though `archive.is` seems
 to have the least suck privacy/takedown policies).

 Maybe someone should contact them to see if they are willing to whitelist
 Tor access.

 I felt inspired and wrote the code for "scrape the DOM to see if it
 actually is a captcha page, and inject a unblock me now button"
 (https://imgur.com/MW71d3g).  Not in git, I want to get some more things
 done before I push.

 The button works even with NoScript set to paranoid values.

 When I have time I'll finalize the UI.  I'm leaning towards mirroring the
 NoScript UX with "Allow CloudFlare globally (Dangerous)" (Switches between
 the fast reject behavior and the new DOMscraping/injection based
 unblocking), and some menu items that allow manipulating the internal non-
 persistent white/blacklist.

 (nb: I still would rather prefer clever crypto and I promised someone
 feedback about such.)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:195>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list