Issues with corporate censorship and mass surveillance
|Reported by:||ioerror||Owned by:||tbb-team|
|Severity:||Critical||Keywords:||security, privacy, anonymity|
|Cc:||arthuredelstein, jeroen@…, torry, saint, tne||Actual Points:|
There are companies - such as CloudFlare - which are effectively now Global Active Adversaries. Using CF as an example - they do not appear open to working together in open dialog, they actively make it nearly impossible to browse to certain websites, they collude with larger surveillance companies (like Google), their CAPTCHAs are awful, they block members of our community on social media rather than engaging with them and frankly, they run untrusted code in millions of browsers on the web for questionable security gains.
It would be great if they allowed GET requests - for example - such requests should not and generally do not modify server side content. They do not do this - this breaks the web in so many ways, it is incredible. Using wget with Tor on a website hosted by CF is... a disaster. Using Tor Browser with it - much the same. These requests should be idempotent according to spec, I believe.
I would like to find a solution with Cloudflare - but I'm unclear that the correct answer is to create a single cookie that is shared across all sessions - this effectively links all browsing for the web. When tied with Google, it seems like a basic analytics problem to enumerate users and most sites visited in a given session.
One way - I think - would be to create a warning page upon detection of a CF edge or captcha challenge. This could be similar to an SSL/TLS warning dialog - with an option for users to bypass, engage with their systems or an option to *contact them* or the *site's owners* or to hit a cached version, read only version of the website that is on archive.org, archive.is or other caching systems. That would ensure that *millions* of users would be able to engage with informed consent before they're tagged, tracked and potentially deanonymized. TBB can protect against some of this - of course - but when all your edge nodes are run by one organization that can see plaintext, ip addresses, identifiers and so on - the protection is reduced. It is an open research question how badly it is reduced but intuitively, I think there is a reduction in anonymity.
It would be great to find a solution that allows TBB users to use the web without changes on our end - where they can solve one captcha, if required - perhaps not even prompting for GET requests, for example. Though in any case - I think we have to consider that there is a giant amount of data at CF - and we should ensure that it does not harm end users. I believe CF would share this goal if we explain that we're all interested in protecting users - both those hosting and those using the websites.
Some open questions:
- What kind of per browser session tracking is actually happening?
- What other options do we have on the TBB side?
- What would a reasonable solution look like for a company like Cloudflare?
- What is reasonable for a user to do? (~17 CAPTCHAs for one site == not reasonable)
- Would "Warning this site is under surveillance by Cloudflare" be a reasonable warning or should we make it more general?
Change History (241)
comment:1 follow-ups: ↓ 3 ↓ 5 ↓ 8 Changed 11 months ago by marek
Changed 11 months ago by cypherpunks
comment:20 follow-up: ↓ 22 Changed 11 months ago by marek
comment:26 follow-up: ↓ 50 Changed 11 months ago by marek
comment:28 in reply to: ↑ 23 Changed 11 months ago by cypherpunks
comment:68 in reply to: ↑ 66 Changed 11 months ago by lhi
comment:71 in reply to: ↑ 10 ; follow-ups: ↓ 88 ↓ 89 Changed 11 months ago by lhi
comment:73 in reply to: ↑ 72 Changed 11 months ago by lhi
comment:104 follow-up: ↓ 112 Changed 11 months ago by ford
comment:112 in reply to: ↑ 104 Changed 11 months ago by lhi
comment:113 in reply to: ↑ 89 Changed 11 months ago by lhi
comment:134 in reply to: ↑ 124 ; follow-up: ↓ 136 Changed 11 months ago by lunar
comment:155 Changed 11 months ago by freetheinternet
comment:167 in reply to: ↑ 166 Changed 11 months ago by madD
comment:168 Changed 11 months ago by cypherpunks
comment:172 Changed 11 months ago by aperture
comment:176 follow-up: ↓ 177 Changed 11 months ago by aperture
comment:191 in reply to: ↑ 189 Changed 11 months ago by cypherpunks
comment:202 in reply to: ↑ 173 Changed 10 months ago by saint
- Cc saint added