[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 14:42:51 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Comment (by cypherpunks):
CAPTCHAs are a fundamentally untenable solution to dealing with DDOS
attacks. Algorithmic solutions will always catch up to evolving CAPTCHA
methods. CloudFlare and other service providers should recognize that is
the inevitable direction technology is going and abandon it now.
An alternate solution is a client proof-of-work protocol. This puts a
greater burden on attackers attempting to establish many connections than
on users who only need one connection. Then once a TLS session is
established, the server can determine from behavior of that client whether
it's an attacker and drop the connection. We should try to standardize
that and get it into TLS implementations so service providers have an easy
configuration choice.
https://tools.ietf.org/html/draft-nir-tls-puzzles-00
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:47>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list