[tbb-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 19 04:21:57 UTC 2017

#24351: Block Global Active Adversary Cloudflare
     Reporter:  nullius              |      Owner:  tbb-team
         Type:  enhancement          |     Status:  new
     Priority:  High                 |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  security, privacy,
     Severity:  Normal               |  anonymity, mitm, cloudflare
Actual Points:                       |  Parent ID:  #18361
       Points:                       |   Reviewer:
      Sponsor:                       |
 #18361 and its comments adequately summarize the general problem with
 Cloudflare’s MITM attack on the Internet.  I need not repeat, save to
 emphasize that when Tor Browser alleges it has a secure (TLS) connection,
 it is '''lying to the user''' if the connection runs through a known MITM.

 A reasonable workaround is for Tor Browser to block all Cloudflare sites
 loaded through HTTPS, or ''at least'' warn the user when such a site is
 loaded.  This can be done by detecting the non-standard `CF-Ray:` HTTP

 I suggest that this security enhancement should be tied to the Security
 Slider.  On High, all HTTPS connections which receive said response header
 should immediately terminate, with an error message given to the user.  On
 Medium, the user should be warned and asked whether Tor Browser should
 proceed.  On Low, where all manner of mischief is allowed by default (even
 non-TLS-loaded Javascript!), Cloudflare page loads may be permitted
 without warning.  Users who run on the Low setting are begging to be
 pwned, anyway.

 As an ancillary benefit, this feature will also obviate the specious
 reasoning behind demands to bundle untrusted third-party software with Tor
 Browser.  See #24321.

 Perhaps most visibly from a user experience and support perspective, this
 feature will also save users much wasted time solving pointless CAPTCHAs
 to visit sites which are mostly idiotic, anyway.  This should result in
 reduced user complaints about network breakage deliberately caused by
 third parties outside the Tor Project’s control.

 See also Debian bug:  https://bugs.debian.org/831835

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list