[tor-bugs] #24321 [Applications/Tor Browser]: Include Cloudflare's Official "Privacy Pass" addon to end Cloudflare captcha madness!

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 18 20:00:20 UTC 2017

#24321: Include Cloudflare's Official "Privacy Pass" addon to end Cloudflare
captcha madness!
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  task                      |         Status:  new
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Critical                  |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
Changes (by nullius):

 * cc: nullius@… (added)


 Please ''don’t''.  All of the following reasons are valid, and any would
 be sufficient to close this bug WONTFIX:

 1. The idea that Tor users should be forced to install arbitrary software
 to comply with the wishes of Tor-blockers is wrong, wrong, WRONG in
 principle.  To do so would set a horrid precedent.  What’s next, a Tor
 Browser plugin which provides blinded signatures from a smartcard chip in
 a government-issued “Internet Driver’s License”?  Such blinding should be
 done with some scheme which can be reversed by “escrowed” keys, of course.
 Hey, if you have nothing to hide, that would not only stop net abuse, it
 would also facilitate legitimate law enforcement!  (I am scared by the
 number of people who will not detect sarcasm in that statement.)

 2. Privacy Pass is still experimental.  Well, quote-unquote “beta”,
 according to their own [https://archive.is/W2Tii FAQ]:  “we regard Privacy
 Pass and the protocol we use as being beta releases currently and still
 under active development”.  Moreover, it is their own cryptographic
 construction—“[https://archive.is/RwRat developed independently]”—and a
 subtly novel one.  There is nothing wrong with that; all good crypto
 starts that way; but it does mean, this needs to be thoroughly peer-
 reviewed.  Frankly, it needs to see some serious public attempts to attack
 it (especially its promises of unlinkability).  This is NOT ready to be
 included with Tor Browser at all, let alone enabled by default.

 3. The right way to “end Cloudflare captcha madness!”, per this ticket’s
 title, is for Cloudflare to stop being mad—or better still, for its
 customers to dump it.  Not for the Tor Browser team to jump through
 Cloudflare-defined hoops, or feel their users are being held as hostages.
 Myself, I simply ignore most sites which demand a CAPTCHA for read-only,
 no-side-effect requests.  There are plenty of other sites I can go to.
 Their loss is worse than mine.  Really.  Throwing up a Cloudflare CAPTCHA
 before you deign to let me see your site is the equivalent of a Flash-
 required splash page 20 years ago.  It makes you look stupid.  Cloudflare
 “madness” is losing quality site visitors, and sites need to be told that.

 (Any apparent ire in the foregoing is not directed at Privacy Pass itself.
 It looks like a neat idea.  It needs crypto experts to hammer on it for
 awhile.  Then, sane sites ''may'' have more options for filtering the
 limited subset of requests which have high abuse potential.  Ire ''is''
 directed at Cloudflare, the Net’s single largest MITM security hole, which
 needs to die in a fire.  “IMO.”)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24321#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list