[tbb-bugs] #24351 [Applications/Tor Browser]: Fuck Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 15 23:26:17 UTC 2018


#24351: Fuck Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 > It is authorized by both websites owners (who have explicitly made staps
 to use it),
 > and website users (who agree with websites' ToS in order to use it)

 Not all people read long TOS. You can find many people who didn't realize
 how Cloudflare works in technical way, JUST LIKE YOU.
 "And website users" is incorrect. Not all websites have TOS. For example,
 this trac.torproject.org. Where's TOS? I didn't agree to anything!
 Another problem is I did not allow Cloudflare to read anything. They are
 silently standing between me and website owner, who signed up CF for FREE,
 $0, COMODO HTTPS certificate.
 WhatTheFuckEver, by Wikipedia's DEFINITION, this is clearly called "MITM
 ATTACK".
 Don't like it? Edit Wikipedia.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:63>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list