[tbb-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 24 19:59:11 UTC 2017

#24351: Block Global Active Adversary Cloudflare
 Reporter:  nullius                              |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by cypherpunks):

 This isn't the correct solution. The green icon only tells you that the
 exit and the server you're communicating to (Cloudflare in this case) is
 encrypted, and that's it. It shouldn't extend to how someone sets up their
 website, otherwise it opens a slippery slope: why not block all websites
 because all servers have the backdoor that is Intel Management Engine or
 AMD's Platform Security Processor? Why not block all onion services on the
 same ground? Also, good luck confusing most users by blocking a large
 portion of the web: w3techs.com/technologies/history_overview/proxy/all

 (Yes, Cloudflare is evil and tries to pass as some kind of "anti-DDoSes
 hero" and with all their HN PR, this has no bearing on this however.)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list