[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 07:13:24 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Changes (by yawning):
* cc: isis (added)
Comment:
cc-ing isis since this covers earlier work.
Replying to [comment:1 marek]:
> Disclaimer: I work for CloudFlare. Disclaimer: Comments here are
opinions of myself, not my employer.
>
> I will restrain myself and not comment on the political issues Jacob
raised. I'll keep it technical.
>
> > I would like to find a solution with Cloudflare - but I'm unclear that
the correct answer is to create a single cookie that is shared across all
sessions - this effectively links all browsing for the web.
>
> A thousand times yes. I raised this option a couple times (supercookie)
and we agreed this is a bad idea. I believe there is a cryptographic
solution to this. I'm not a crypto expert, so I'll allow others to explain
this. Let's define a problem:
>
> > There are CDN/DDoS companies in the internet that provide spam
protection for their customers. To do this they use captchas to prove that
the visitor is a human. Some companies provide protection to many
websites, therefore visitor from abusive IP address will need to solve
captcha on each and all domains protected. Let's assume the CDN/DDoS don't
want to be able to correlate users visiting multiple domains. Is it
possible to prove that a visitor is indeed human, once, but not allow the
CDN/DDoS company to deanonymize / correlate the traffic across many
domains?
>
> In other words: is it possible to provide a bit of data (i'm-a-human)
tied to the browsing session while not violating anonymity.
Yes. This is a problem that "Anonymous Credential" systems are designed
to solve. A example of a system with most of the properties that are
desired is presented in Au, M. H., Kapadia, A., Susilo, W., "BLACR: TTP-
Free Blacklistable Anonymous Credentials with Reputation"
(https://www.cs.indiana.edu/~kapadia/papers/blacr-ndss-draft.pdf). Note
that this is still an active research area, and BLACR it of itself may not
be practical/feasible to implement, and is listed only as an example since
the paper gives a good overview of the problem and how this kind of
primitive can be used to solve the problem.
Isis can go into more details on this sort of thing, since she was trying
to implement a similar thing based on Mozilla Persona (aborted attempt due
to Mozilla Persona being crap).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list