[tbb-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Dec 31 05:25:17 UTC 2017

#24351: Block Global Active Adversary Cloudflare
 Reporter:  nullius                              |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by cypherpunks):


 How do we implement this new function to "Tor Button"?

 How about:

 Tor Browser Security Settings

 > Low (default)
 Do nothing (as default description says).
 Cloudflared websites will greet you captcha, and you are not sure the
 website is
 using Cloudflare or not.

 > Medium
 Cloudflare websites's title and favicon are changed, so the user can
 notice it.
 (from add-on's settings: "Don't show warning message; just change title
 and favicon")

 > High
 Show a warning message on MiTMed websites.
 User can create a whitelist, but it will be purged each time the user
 click "New Identity"
 or restart the Tor Browser.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:45>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list