[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 15:13:50 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |
Changes (by massar):

 * cc: jeroen@… (added)


 Silly side-track idea I am throwing out there:

 Why does CloudFlare not run a .onion proxy for their sites?

 That way, Tor gets rate limited through the Tor network and in addition at
 that CloudFlare-run .onion node.

 There is no more possibility of a DoS from an exit, as the Tor client can
 go through the proxy; Tor exits that do not are not following protocol.

 Thus, for the short term, keep on serving the always-broken captchas along
 with the below extra details, then in the long term just a "Hi, you are
 coming from Tor, please use the proxy instead, if you see this you should
 have updated TBB by now...".

 Thus instead of serving the captcha or in addition, serve a few extra
 <meta name="onion-proxy" url="socks5://<hash>.onion:1080">
 or if a direct onion exists for the site (tell folks they can configure
 that, heck, charge people for that service if you want):
 <meta name="onion-url" url="https://<hash>.onion">

 TBB could have a built-in list of "well known proxies", e.g. the CloudFlare
 ones, the ones for Akamai and many other CDNs; for others it could pop up
 a "This site can be reached through Tor without leaving the Tor network,
 please consider using it".

 TBB can also keep a cache of 'recently seen onion-*' so that it does not
 have to exit the Tor network to figure out where to go.
 Normal HTTP cache times can be used if really wanted, or we can add an
 'expires' tag to the meta URLs above.

 For anonymity this can only be a win, as connections do not leave the Tor
 network anymore; it also reduces load on the exits (which IMHO should not
 exist in the first place, everything should be available in the Tor
 network directly...).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:54>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
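
Added example, not part of the original message and not Tor Browser code: a sketch of how a client could read the meta tags proposed in the comment above and keep the "recently seen onion-*" cache with expiry. The tag names and `url` attribute come from the comment; the class names, the default TTL, the sample page and the rule that the host must end in `.onion` are assumptions made for this illustration.

```python
import time
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Scheme accepted per proposed hint name, taken from the comment's two examples.
ALLOWED = {"onion-proxy": {"socks5"}, "onion-url": {"https"}}
# Constructed sample page: one valid hint and one look-alike host to reject.
SAMPLE_PAGE = (
    '<meta name="onion-proxy" url="socks5://constructedexample.onion:1080">'
    '<meta name="onion-url" url="https://constructedexample.onion.evil.example/">'
)

class OnionHintParser(HTMLParser):
    """Collect <meta name="onion-*" url="..."> hints whose host is a .onion name."""
    def __init__(self):
        super().__init__()
        self.hints = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name, url = a.get("name"), a.get("url")
        if tag != "meta" or name not in ALLOWED or not url:
            return
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:  # malformed URL in an untrusted page: ignore the hint
            return
        # Only accept hints that keep the client inside the Tor network.
        if parts.scheme in ALLOWED[name] and host.endswith(".onion"):
            self.hints.setdefault(name, url)

class OnionHintCache:
    """'Recently seen onion-*' cache keyed by clearnet host, with expiry."""
    def __init__(self, default_ttl=3600):  # TTL value is an assumption
        self.default_ttl = default_ttl
        self._entries = {}

    def store(self, site, html, now=None, ttl=None):
        parser = OnionHintParser()
        parser.feed(html)
        if parser.hints:
            now = time.time() if now is None else now
            self._entries[site] = (now + (ttl or self.default_ttl), parser.hints)
        return parser.hints

    def lookup(self, site, now=None):
        now = time.time() if now is None else now
        expires, hints = self._entries.get(site, (0, None))
        return hints if now < expires else None
```

The hint arrives in a page fetched over an exit, so the sketch treats it as untrusted input and drops anything whose scheme or host does not match the proposal.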
