[tor-bugs] #24351 [Applications/Tor Browser]: Fuck Global Active Adversary Cloudflare (was: Support Global Active Adversary Cloudflare)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 15 12:30:03 UTC 2018 

#24351: Fuck Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
 Reporter:  nullius                              |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  security, privacy, anonymity, mitm,  |  Actual Points:
  cloudflare                                     |
Parent ID:  #18361                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by cypherpunks):

 * priority:  High => Very High
 * status:  closed => reopened
 * resolution:  worksforme =>
 * severity:  Major => Critical


Comment:

 1 CloudFlare is not doing MiTM. MiTM is unauthorized. CF is authorized
 intermediary. It is authorized by both websites owners (who have
 explicitly made staps to use it), and website users (who agree with
 websites' ToS in order to use it).
 2 Padlock icon is about TLS connection trustworthyness, not about
 trustworthyness of the server it connects to. IMHO CF TLS connection
 settings are the ones of the best I ever saw.
 3 TP needs to cooperate with Cloudflare in order to create really privacy-
 preserving solution. No cooperation on surveillance. TP needs to develop
 an own solution and suggest CloudFlare to allow access to the users using
 it. If they disagree without giving sufficient technical reason, or if
 they delay the answer for too long (TP must mention this), TP should
 contact all major mass media and say "CloudFlare is f*cking b*st*rds who
 wanna spy on everyone! Their denial to use our solution is because of it,
 they couldn't name any privacy flaw in it, but they denied to use it.
 There is no other explanation rather than a will for espionage!"

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:62>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list