[tor-dev] Yawning's CFC, web caching, and PETs

Yawning Angel yawning at schwanenlied.me
Mon Apr 4 02:58:51 UTC 2016

On Sun, 03 Apr 2016 19:08:38 +0200
Jeff Burdges <burdges at gnunet.org> wrote:
> Should we try to organize some public chat about web caching at PETs
> or HotPETs this summer? 

Might be neat, though I'm not much one for conferences.  CFC is just a
proof of concept/tech demo, and all the real cleverness/scary stuff
goes on at the cache end...

> By that I mean, a discussion with anonymity researchers on security
> and anonymity concerns around making tools like Yawning's CFC a
> long-term solution to the CloudFlare problem? 
> Aside from our not knowing if CloudFlare will become more
> accommodating, a trustworthy web cache would enable more serious
> efforts towards alpha-mixing, either in Tor itself, or with mixnets
> on the side of Tor. And archival tools make the web better in
> numerous ways, like by making it harder to removing anything. 

Agreed.  IIRC part of Greatfire's ant-GFW circumvention system is
basically cached web content (https://github.com/greatfire/redirect-when-blocked),
so this sort of approach clearly has potential.

> There are interesting problems in this space like :  Big scary
> adversary issues.  Archiving TLS sessions along with HTML
> transformations so that subsequent clients can verify the original
> site's certificate.  How best to one distribute the cache. 

Another technical issue is "what to do about certain kinds of dynamic
content, such as page scripts".  The safe behavior is "ignore/not
cache" but the user experience isn't all that great.  'course caching
random active payload is utterly horrible from a security standpoint.

There is a liability/legal can of worms lurking here too.  In *any*
given jurisdiction, there is content, the possession/redistribution of
which, will make various people mad (for various definitions of mad).

   * Pornography (Legal in the civilized world, or that which is
     illegal in the civilized world)
   * Most forms of political speech
   * Most social commentary
   * Blasphemy
   * Lèse-majesté
   * 09F911029D74E35BD84156C5635688C0
   * Sploits
   * Data dumps
   * etc etc etc.

Since I tend to lean towards being a freedom of thought/expression
absolutist (in the sense of the principle behind the ever eroded legal
right), a well designed cache system should be capable of holding
anything, no matter how unpopular, while keeping operators protected
from as much fallout as possible.

Something that sits on top of Tahoe-LAFS perhaps...  I have a sense
that the problem space overlaps.

I'm probably just dreaming, and some random person is probably going to
tell me why I'm wrong to want such properties, or "why not use
$project, ur dumb lol".


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160404/e983d13e/attachment.sig>

More information about the tor-dev mailing list