[tor-dev] Request for feedback/victims: cfc
yawning at schwanenlied.me
Wed Mar 23 09:15:36 UTC 2016
Inspired by https://trac.torproject.org/projects/tor/ticket/18361
I've been working on way to improve the situation.
My "proof of concept" tech demo is what I consider good enough for
use by brave people that aren't me, so I have put up an XPI package
The source: https://git.schwanenlied.me/yawning/cfc (Requires the
Firefox SDK aka Jetpack to package).
By default the addon will:
* Rewrite the CloudFlare captcha error page with messages that reflect
my perception of reality.
* Rewrite imgur ".gifv" links to ".gif".
Under "Tools->Addons->Extensions" you can configure the addon to:
* Automatically fetch a cached copy of pages hosted on CloudFlare
infrastructure from archive.is.
* Automatically fetch a cached copy of pages that present a CloudFlare
captcha from archive.is.
* Pop up a UI widget asking if you want to fetch a cached copy of the
page from archive.is each time you encounter a captcha.
* Disable the snarky error message replacement (Requires a restart to
take effect, because I'm lazy).
* Disable the gifv URL rewrite.
* Support a user definable blacklist (eg: If you want to always use
archive.is to access gawker.com or other clickbait bullshit, you
should be able to easily do so).
* Add more general quality of life things.
* Think about making it work on Fenec (It currently will not because
PopUpNotifications are handled differently, among other things).
* Rewrite the internals to prepare for e10s.
* If archive.is is evil, they can track you across page fetches
trivially, because this sort of use case is outside of Tor Browser's
current threat model (Yes, CloudFlare/Google can also do the same
thing currently, who do you trust more?).
* PEOPLE THAT HAVE BIG SCARY ADVERSARIES IN THEIR THREAT MODEL SHOULD
NOT USE THIS.
If you don't know how to install addons given as XPI files, you
shouldn't be using this. This is only tested on 6.0a4 (Linux/64 bit).
It *should* work on everything that isn't Orfox that's relatively
: A very cynical/adversarial take on things. Opinions are my own,
etc, and I don't care if you're offended.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the tor-dev