[tbb-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 10 10:26:50 UTC 2018 

#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:57 cypherpunks]:
 > Replying to [comment:56 akrey]:
 > > Cloudflare is not a man in the middle. Cloudflare is authorized to
 provide the SSL termination for origin, by origin.
 > >
 >
 > And I, as the user, didn't want Cloudflare to read my data.
 > I agree to the terms and conditions of CLOUDFLARED.COM but I didn't
 agree to CLOUDFLARE.
 > Read Firfox Focus Github issue. The "user" must have a right to decide
 access or not access to the website. Not you.
 >
 > > Do you say that tbb should block sites because their internal setup is
 insecure (and yes, cloudflare ''is'' part of that 'internal setup')?
 > >
 >
 > At least raise a warning that the website is proxied by the company like
 Cloudflare.
 > This is a MITM. If you disagree, read Wikipedia.
 >
 > > Should tbb also block sites that run on rented cloud machinery,
 because they areinherently insecure, and subvertible by the hosting
 companies?
 > >
 >
 > Are you nuts? Read Wikipedia before you write anything.
 >
 > > Should tbb also block google-analytics, for obvious reasons?
 >
 > What the fuck? You are clearly misleading.

 Cypherpunk: please stay civilized. This is our bug tracker.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:58>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list