[tor-dev] Block Global Active Adversary Cloudflare

nullius nullius at nym.zone
Thu Jan 11 03:45:02 UTC 2018


On 2018-01-10 at 23:25:05 +0000, teor <teor2345 at gmail.com> wrote:
>Sending every remote site address from the Tor process to an extension 
>increases the surface area for attacks.
>
>[...]
>
>This gives the extension access to the content of every encrypted page.
>
>[...]
>
>Please develop a least-authority design. Don't become the new 
>CloudFlare.

Hello, teor,

You evidently conflated two discrete options I discussed:  One for an 
IP-blacklisting Tor controller process completely separate from the 
browser or any other application; and the other for an application-level 
browser extension which would be as benign as NoScript.  (N.b., NoScript 
has “access to the content of every encrypted page”.)

The former was just an off-the-cuff thought of how Core Tor could be 
made to block undesired destinations in the manner of a firewall (or 
router null-route), without modifying Core Tor or requiring any sort of 
proposal process.  It would *not* interact with the browser.  Even if it 
somehow did, I don’t see how you think it would obtain the contents of 
encrypted pages.  What I described does not work that way, on its face.  
Most of all, it would NOT be part of the browser.  Giving the browser 
(or extensions living inside the browser process) unfettered control 
port access would be both stupid and insane, and I am neither; indeed, I 
never run Tor Browser in its stock configuration because that gives it 
*far* too much access to Tor already (and I agree with pretty much 
everything Yawning said here: [0]).

The latter is a browser extension which already exists, in the wild, 
today.  It works by detecting Cloudflare-specific HTTP response headers 
which Cloudflare injects (and which Cloudflare would not be able to 
inject, if they did not actively MITM the TLS connection).  It also 
works with non-Tor Firefox, without any Tor at all; it obviously does 
not interact with the Tor process in any way, shape, or form.

https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/

https://github.com/nym-zone/block_cloudflare_mitm_fx

(Not written by me.  I’m really a C guy, not a JavaScript guy.  I am 
simply trying to facilitate and encourage development.)

Really, please, don’t mistake my proposal as something totally moronic.  
I will not be accused of trying to build some wack-job Tor controller 
into a web browser extension (!), or anything tantamount to that.

[0] https://lists.torproject.org/pipermail/tbb-dev/2018-January/000736.html

-- 
nullius at nym.zone | PGP ECC: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C
Bitcoin: bc1qcash96s5jqppzsp8hy8swkggf7f6agex98an7h | (Segwit nested:
3NULL3ZCUXr7RDLxXeLPDMZDZYxuaYkCnG)  (PGP RSA: 0x36EBB4AB699A10EE)
“‘If you’re not doing anything wrong, you have nothing to hide.’
No!  Because I do nothing wrong, I have nothing to show.” — nullius
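
The header-based detection described in the message, as an added example. It is not code from block_cloudflare_mitm_fx or from the author. The marker headers (CF-RAY, CF-Cache-Status, a Server value beginning with "cloudflare"), the function names and the sample responses are assumptions made for illustration.

```javascript
// Added example, not the extension's own code.
// Assumption: these response headers mark a response that passed through Cloudflare.
const CF_HEADER_NAMES = new Set(["cf-ray", "cf-cache-status"]);

// responseHeaders has the shape the webRequest API hands to listeners:
// an array of { name, value } objects, with names in arbitrary case.
function cloudflareEvidence(responseHeaders) {
  const evidence = [];
  for (const { name, value } of responseHeaders || []) {
    const lname = String(name).toLowerCase();
    const v = String(value ?? "").trim();
    if (CF_HEADER_NAMES.has(lname)) {
      evidence.push(lname);
    } else if (lname === "server" && /^cloudflare\b/i.test(v)) {
      evidence.push("server: cloudflare");
    }
  }
  return evidence;
}

// Cancel only https:// responses: the markers on a TLS connection mean the
// TLS session ended at the intermediary, which is the case the message is about.
function decide(details) {
  const evidence = cloudflareEvidence(details.responseHeaders);
  const isTls = /^https:/i.test(details.url);
  return { cancel: isTls && evidence.length > 0, evidence };
}

// Listener registration runs only inside a WebExtension that holds the
// webRequest and webRequestBlocking permissions; it is skipped elsewhere.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onHeadersReceived.addListener(
    (details) => ({ cancel: decide(details).cancel }),
    { urls: ["<all_urls>"] },
    ["blocking", "responseHeaders"]
  );
}

// Constructed sample responses (not captured traffic).
const SAMPLE_PROXIED = { url: "https://example.com/", responseHeaders: [
  { name: "Content-Type", value: "text/html" },
  { name: "CF-RAY", value: "0000000000000000-XXX" },
  { name: "Server", value: "cloudflare-nginx" } ] };
const SAMPLE_DIRECT = { url: "https://example.org/", responseHeaders: [
  { name: "Server", value: "nginx" } ] };
const SAMPLE_PLAIN_HTTP = { url: "http://example.net/", responseHeaders: [
  { name: "cf-ray", value: "0000000000000000-XXX" } ] };
```

A check of this kind sees the response headers only after the request has already been sent, so it stops the page from loading rather than stopping the request from reaching the intermediary. It also depends on the markers being present, and any server can send or omit them.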