[tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 10 10:20:35 UTC 2018
#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
Reporter: nullius | Owner: tbb-
| team
Type: enhancement | Status:
| reopened
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: security, privacy, anonymity, mitm, | Actual Points:
cloudflare |
Parent ID: #18361 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:56 akrey]:
> Cloudflare is not a man in the middle. Cloudflare is authorized to
provide the SSL termination for origin, by origin.
>
And I, as the user, didn't want Cloudflare to read my data.
I agree to the terms and conditions of CLOUDFLARED.COM but I didn't agree
to CLOUDFLARE.
Read Firfox Focus Github issue. The "user" must have a right to decide
access or not access to the website. Not you.
> Do you say that tbb should block sites because their internal setup is
insecure (and yes, cloudflare ''is'' part of that 'internal setup')?
>
At least raise a warning that the website is proxied by the company like
Cloudflare.
This is a MITM. If you disagree, read Wikipedia.
> Should tbb also block sites that run on rented cloud machinery, because
they areinherently insecure, and subvertible by the hosting companies?
>
Are you nuts? Read Wikipedia before you write anything.
> Should tbb also block google-analytics, for obvious reasons?
What the fuck? You are clearly misleading.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:57>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list