[tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 5 13:08:04 UTC 2018

#24351: Block Global Active Adversary Cloudflare
 Reporter:  nullius                              |          Owner:  tbb-team
     Type:  enhancement                          |         Status:  reopened
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
            cloudflare                           |
Parent ID:  #18361                               |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by nullius):

 Ah, [comment:50 cypherpunks], you barely beat me to it.  I should like to

 At 2017-12-19T00:12:38Z, [comment:32 nullius]:
 > What is this, bug management for toddlers?  “Is bug!”  “Is not!”  ''“Is

 Stop closing bug reports for no reason.  It only makes pointless bugspam
 in the mailbox of everybody who follows the bug; and it changes nothing.

 Also, replying to [comment:48 cypherpunks]:
 > Tor Browser is not your privacy browser. Privacy is not Anonymity.

 I think that you’re in the wrong place.  '''“Tor Browser is not your
 privacy browser.”'''  I doubt that the Tor Browser team would be thrilled
 to add this statement to their advertising or the
 [https://www.torproject.org/projects/torbrowser/design/ Tor Browser design
 documentation].  If you disagree, then please open a separate bug to add
 the statement “Tor Browser is not your privacy browser” or '''“Non-goal:
 PRIVACY”''' to https://www.torproject.org/projects/torbrowser/design/ .
 It’s offtopic in this bug.

 I observe that by implication, you admit that Cloudflare is destructive to
 privacy, and that a “privacy browser” should take countermeasures against

 As for the conflation of privacy and anonymity, the two are certainly
 related; and each is a prerequisite to the other.  Per the terminology
 used by researchers, I prefer ''unlinkability'' to “anonymity” and will
 use that term here.  If a centralized mass-decryption chokepoint, which
 violates privacy in the small, could observe enough of your TLS sessions
 to link them together through a tiny bit of unique information you leak at
 each site, then you lose “anonymity” by definition.  Whereas unlinkability
 is necessary to privacy in the large:  An entity which can link your
 online activities can track them under a single identity, and watch
 everything you do.  Defending against this last is the Tor Project’s
 ''raison d’être''.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:51>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
