[tor-relays] Quantum Insert detection for everyone

David Stainton dstainton415 at gmail.com
Wed Apr 22 22:56:26 UTC 2015


>> TCP injection attacks are not the same as man-in-the-middle
>> attacks... but rather are categorized as man-on-the-side. The
>> difference is important because MoS is *much* cheaper for these
>> various (not just NSA) entities to execute. MoS means you do not
>> have to pwn a route endpoint at the site of your TCP injections...
>> you can inject from almost anywhere as long as you can win the
>> race.
>>
>> I will discuss this point in my write up... and I will write a
>> section specifically for Tor exit relay operators who are
>> interested in using HoneyBadger.
>
> What about the approach of detecting/preventing those attacks at the
> user endpoint? Like enforcing HTTPS connections (HTTPS-Everywhere) and
> prohibiting/announcing redirects.

Tor users will not be able to detect these attacks on their
infrastructure; hence my message to Tor exit relay operators.

It is possible to add a "prevention" mechanism to HoneyBadger; an
event-based firewall ruleset generator made to block TCP injection
attacks as they are happening... yes. This is possible. I could write
that if there were interest from enough people.

Yes... users of the Internet should give up using plain-text protocols
to stay safer. HTTPS-Everywhere and the various other related efforts
by the EFF are all a great help towards keeping people safer.
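
An added example, not part of the original message and not HoneyBadger's own code: one common way to spot the race described in this thread is to flag any TCP sequence range that arrives twice carrying different bytes. The `Segment` and `Finding` types, `FindConflicts` and the sample payloads are constructed for illustration; packet capture and per-flow tracking are assumed to happen elsewhere.

```go
package main

import (
	"bytes"
	"fmt"
)

// Segment is one TCP payload observed in one direction of a single flow (hypothetical type).
type Segment struct{ Seq uint32; Payload []byte }

// Finding is a sequence range that arrived twice carrying different bytes (hypothetical type).
type Finding struct{ Seq uint32; First, Later []byte }

// FindConflicts compares each segment with those that arrived before it. An honest
// retransmission repeats the same bytes; a segment injected to race the real one does not.
func FindConflicts(segs []Segment) []Finding {
	var out []Finding
	for i, later := range segs {
		for _, first := range segs[:i] {
			// Signed distance stays correct across sequence-number wraparound.
			d := int64(int32(later.Seq - first.Seq))
			fo, lo := d, int64(0) // offsets of the shared range in each payload
			if d < 0 {
				fo, lo = 0, -d
			}
			n := int64(len(first.Payload)) - fo
			if m := int64(len(later.Payload)) - lo; m < n {
				n = m
			}
			if n <= 0 {
				continue // the two segments share no bytes
			}
			a, b := first.Payload[fo:fo+n], later.Payload[lo:lo+n]
			if !bytes.Equal(a, b) {
				out = append(out, Finding{first.Seq + uint32(fo), a, b})
			}
		}
	}
	return out
}

func main() {
	// Constructed capture: two different payloads claim sequence number 1000.
	segs := []Segment{{1000, []byte("HTTP/1.1 302 Found\r\n")}, {1000, []byte("HTTP/1.1 200 OK\r\n")}}
	for _, f := range FindConflicts(segs) {
		fmt.Printf("seq %d: %q vs %q\n", f.Seq, f.First, f.Later)
	}
}
```

A conflict shows that two versions of the same bytes were on the wire; it does not say which of the two was the genuine one.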

