[tbb-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 29 14:31:09 UTC 2017


#24351: Block Global Active Adversary Cloudflare
-----------------------------------------------------------+-------------------------
 Reporter:  nullius                                        |  Owner:  tbb-team
     Type:  enhancement                                    |  Status:  needs_information
 Priority:  High                                           |  Milestone:
Component:  Applications/Tor Browser                       |  Version:
 Severity:  Major                                          |  Resolution:
 Keywords:  security, privacy, anonymity, mitm, cloudflare |  Actual Points:
Parent ID:  #18361                                         |  Points:
 Reviewer:                                                 |  Sponsor:
-----------------------------------------------------------+-------------------------

Comment (by nullius):

 Replying to [comment:18 cypherpunks]:
 > The green icon only tells you that the exit and the server you're
 > communicating to (Cloudflare in this case) is encrypted, and that's it.

 Incorrect.  If that were the case, then anon-DH ciphersuites would be
 acceptable.  Those are also securely 100% military-grade super-duper
 encrypted.  “...and that’s it.”

 The lock icon promises not only encryption, but also authentication of the
 endpoint and protection against MITM attacks.  Among other guarantees.

 > It shouldn't extend to how someone sets up their website, otherwise it
 > opens a slippery slope: why not block all websites because all servers
 > have the backdoor that is Intel Management Engine or AMD's Platform
 > Security Processor?

 For the purposes of this bug, suggestions that some shadowy somebody may
 be using a hardware backdoor for the whole Internet do not equate to the
 certain knowledge that one clearly identified entity is ''in fact''
 performing realtime decryption of all TLS connections to millions of
 websites ''right now''.

 (I’d be thrilled to see a workable solution proposed for the problem you
 raise, or even a reasonable assessment of its scope.  However, that is
 off-topic for this bug.)

 > Also, good luck confusing most users by blocking a large portion of the
 > web:

 Users are being confused ''right now''.  They are being scammed by a
 promise of a “secure” connection to a certain identified website.
 Instead, they are being silently provided a “secure” connection to
 Cloudflare.  Not on one website, or even only a few, but across
 ''millions'' of websites.  The aggregate effect is critical to
 understanding the mass-surveillance implications.

 This bug is about solving user confusion, with warnings or errors as
 appropriate to different levels on the Security Slider.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
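The distinction the comment above draws between "encrypted" and "authenticated", as an added example that is not part of the ticket and not code from Tor Browser or Cloudflare: a toy anonymous Diffie-Hellman exchange in Python, first with an active attacker relaying and re-keying both directions (both ends see a working encrypted channel while the attacker reads everything), then with each DH value bound to a long-term key the peer already trusts, where the substitution is caught. The 127-bit prime, the SHA-256 keystream cipher, the HMAC used as a stand-in for a certificate signature, and the names Alice, Bob and Mallory are illustrative assumptions, not any real protocol's parameters.

```python
"""Added example: anonymous DH is encrypted but not authenticated.

Everything here is a toy: a tiny group, a hash-derived stream cipher and
an HMAC standing in for a signature over a certified key.  It is meant
only to show the property the lock icon is supposed to guarantee beyond
"it's encrypted".
"""
import hashlib
import hmac
import secrets

# Toy group: the Mersenne prime 2**127 - 1 with generator 2 (assumption;
# far too small for real use, chosen so the example runs instantly).
P = (1 << 127) - 1
G = 2


def dh_keypair():
    """Return (private exponent, public value) for one party."""
    x = secrets.randbelow(P - 2) + 1          # x in [1, P-2]
    return x, pow(G, x, P)


def dh_shared(priv, peer_pub):
    """Derive a 32-byte session key from the DH shared secret."""
    s = pow(peer_pub, priv, P)                # s < P < 2**128, fits 16 bytes
    return hashlib.sha256(s.to_bytes(16, "big")).digest()


def stream_xor(key, data, nonce=b"toy"):
    """Toy stream cipher: XOR with a SHA-256-derived keystream (symmetric)."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def anon_dh_with_mitm(plaintext):
    """Anonymous DH with Mallory substituting both public values in transit.

    Alice and Bob each finish with a key and a channel that decrypts cleanly,
    so nothing they can observe reveals that the key was negotiated with
    Mallory rather than with each other.
    """
    a_priv, a_pub = dh_keypair()                  # Alice
    b_priv, b_pub = dh_keypair()                  # Bob
    ma_priv, ma_pub = dh_keypair()                # Mallory, facing Alice
    mb_priv, mb_pub = dh_keypair()                # Mallory, facing Bob

    alice_key = dh_shared(a_priv, ma_pub)         # Alice thinks ma_pub is Bob's
    bob_key = dh_shared(b_priv, mb_pub)           # Bob thinks mb_pub is Alice's
    mallory_alice_key = dh_shared(ma_priv, a_pub)
    mallory_bob_key = dh_shared(mb_priv, b_pub)

    wire_from_alice = stream_xor(alice_key, plaintext)        # Alice -> "Bob"
    mallory_read = stream_xor(mallory_alice_key, wire_from_alice)
    wire_to_bob = stream_xor(mallory_bob_key, mallory_read)   # re-encrypted
    bob_received = stream_xor(bob_key, wire_to_bob)           # decrypts fine
    return {
        "mallory_read": mallory_read,
        "bob_received": bob_received,
        "channel_looked_fine": bob_received == plaintext,
    }


def authenticated_dh(plaintext, tamper=False):
    """DH where each public value carries an authenticator under a long-term
    key the peer already trusts (assumed stand-in for certificate + signature).

    With tamper=True Mallory replaces Alice's value as in anon_dh_with_mitm;
    lacking Alice's long-term key she cannot produce a matching authenticator,
    so Bob aborts instead of completing a handshake with the wrong party.
    """
    alice_long = secrets.token_bytes(32)          # Bob trusts this out of band
    bob_long = secrets.token_bytes(32)            # Alice trusts this out of band

    def auth(long_key, pub):
        return hmac.new(long_key, pub.to_bytes(16, "big"), "sha256").digest()

    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_msg = (a_pub, auth(alice_long, a_pub))      # Alice -> Bob
    b_msg = (b_pub, auth(bob_long, b_pub))        # Bob -> Alice

    if tamper:
        _, m_pub = dh_keypair()
        a_msg = (m_pub, a_msg[1])                 # value swapped, tag unchanged

    pub_for_bob, tag_for_bob = a_msg
    if not hmac.compare_digest(auth(alice_long, pub_for_bob), tag_for_bob):
        return {"handshake_ok": False, "bob_received": None}
    pub_for_alice, tag_for_alice = b_msg
    if not hmac.compare_digest(auth(bob_long, pub_for_alice), tag_for_alice):
        return {"handshake_ok": False, "bob_received": None}

    alice_key = dh_shared(a_priv, pub_for_alice)
    bob_key = dh_shared(b_priv, pub_for_bob)
    bob_received = stream_xor(bob_key, stream_xor(alice_key, plaintext))
    return {"handshake_ok": True, "bob_received": bob_received}


if __name__ == "__main__":
    msg = b"GET /account HTTP/1.1"                # constructed sample message
    r = anon_dh_with_mitm(msg)
    print("anon-DH: Bob got plaintext:", r["channel_looked_fine"],
          "| Mallory read:", r["mallory_read"])
    print("auth-DH, honest:", authenticated_dh(msg)["handshake_ok"])
    print("auth-DH, tampered:", authenticated_dh(msg, tamper=True)["handshake_ok"])
```

The point the example makes is the one the comment relies on: in the first exchange every packet on the wire is ciphertext, yet the party holding the key is not the one Alice meant to talk to. Only the second exchange, where the key-agreement value is bound to an identity the peer can verify, gives the "talking to who you think you are" guarantee that a lock icon is taken to mean.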
