[tor-dev] Request for feedback/victims: cfc-0.0.2

Yawning Angel yawning at schwanenlied.me
Fri Apr 1 18:06:18 UTC 2016

On Fri, 01 Apr 2016 18:21:10 +0200
Jeff Burdges <burdges at gnunet.org> wrote:

> Are there any more sites where CloudFalre appears on archive.is?
> https://www.aei.org/publication/gen-michael-hayden-on-apple-the-fbi-and-data-encryption/
> It's some particularly harsh CloudFlare configuration perhaps? 

Without knowing how archive.is works, and how CloudFlare works, it's
hard to tell.

Since archive.is sets "X-Forwarded-For", it's not particularly hard to
figure out if a Tor user is the one requesting a snapshot.  I requested
a new snapshot and the captcha error page in the archive shows that
the IP of my exit, so part of the ClouldFlare infrastructure at least
peeks at the header.

I'll probably add support for other (user-configurable?) cached content
providers when I have time.  The archive.is person doesn't seem to want
to respond to e-mail, so asking them to optionally not set X-F-F, seems
like it'll go absolutely nowhere.


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160401/ee8ebfcc/attachment.sig>

More information about the tor-dev mailing list