[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 15:34:45 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |

Comment (by massar):

 Replying to [comment:56 ioerror]:
 > Replying to [comment:54 massar]:
 > > Silly-side-track idea I am throwing out there:
 > >
 > > Why does CloudFlare not run a .onion proxy for their sites?
 > >
 > Tor is an onion proxy? :-)


 I used that wording though to indicate that in the browser URL bar it will
 still say https://www.HostedByCDN.com (and thus HTTPS certificates keep on
 working) while TBB actually just redirects those through the indicated
 SOCKS proxy (ala what FoxyProxy does for Chrome).

 If CF and other CDNs would implement something like that suddenly a lot of
 content would automatically start existing on the Tor network, which does
 not have any surveillance issues when going through an exit. (of course
 what the CDN network and then the final recipient do is still all voodoo,
 but it is better than going through an exit you can't fully trust;
 ignoring TLS there for a bit).

 > It could be that the captcha page, upon detecting Tor, could redirect to
 a CF controlled .onion that has a read only version of the website, for

 IMHO forcing a 30{123} redirect is far from a good solution, that should
 be a browser and thus a user choice.

 Maybe the user is mis-detected as being a Tor user (though exit lists are
 pretty much 'correct') or they do not want that mode of operation to reach
 the site. Also, why bother redirecting a Bot there, if a Bot was properly
 written it reads the meta tag and uses that (I mean, if you specifically
 program your bot to crawl over Tor then you can use the meta tag too).

 Also, if that meta line is included everywhere, an aware browser could
 suggest to the user "hey, you can use Tor for this site" which is also a

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:57>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list