gk and yawning closing "Tor Browser is not your privacy browser, Non-goal: PRIVACY" ticket
Many people still don't understand why Cloudflare is a MITM point. They clearly didn't read all data.
https://www.torproject.org/projects/torbrowser/design/
Tor people, do you think #24351 is unnecessary to you? Do you accept MITM and refuse to fix padlock incorrect information?
Activity
Replying to cypherpunks:
You must be cloudflare zoey! You've learned how to use cypherpunk multi-user account! Congrats!!
Why aren't you searching an issue before writing an useless comment to this ticket? Here you go, lazy kid. Next time, do some research.
Replying to cypherpunks:
https://bugzilla.mozilla.org/show_bug.cgi?id=1426618 RESOLVED WONTFIX, but yeah, I support your initiative even if I don't think there's a chance that Mozilla will listen...
Replying to cypherpunks:
Replying to cypherpunks:
https://bugzilla.mozilla.org/show_bug.cgi?id=1426618 RESOLVED WONTFIX, but yeah, I support your initiative even if I don't think there's a chance that Mozilla will listen...
Only David Keeler is replying to this report. Other Mozilla employee didn't answer to this at this moment. He clearly closed this report without reading anything.
Replying to cypherpunks:
Replying to cypherpunks:
Replying to cypherpunks:
https://bugzilla.mozilla.org/show_bug.cgi?id=1426618 RESOLVED WONTFIX, but yeah, I support your initiative even if I don't think there's a chance that Mozilla will listen...
Only David Keeler is replying to this report. Other Mozilla employee didn't answer to this at this moment. He clearly closed this report without reading anything. Your wording wasn't clear on that you sought to only suggest an option for labeling as insecure Cloudflare traffic that has been tempered and not their full-SSL offers.
LOL if I go to https://kproxy.com to visit https://github.com, should the browser inform me that my connection is insecure because kproxy is essentially MiTM? Of course not! So why should it do exactly that for sites behind kproxy, uh, I mean Cloudflare?
Also, in Tor Browser context, this penalizes HTTPS websites (even if they're behind Cloudflare and don't have Cloudflare's full SSL(TM) support) and puts them in the same rank as HTTP ones, which is--to say the least--unfair (the first one is at least resilient to exit node plaintext sniffing whereas the second isn't).
Replying to cypherpunks:
LOL if I go to https://kproxy.com to visit https://github.com, should the browser inform me that my connection is insecure because kproxy is essentially MiTM? Of course not! So why should it do exactly that for sites behind kproxy, uh, I mean Cloudflare?
You do realize you're connecting to KPROXY.COM right? Going beyond that isn't MITM because you do know your destination server is KPROXY.COM.
You ============ KPROXY.COM
The problem is Cloudflare websites. You never notice you are connecting to Cloudflare.
Expected result: You ============ WTF.COM
Actual result: You =====CF:)=== WTF.COM
Replying to cypherpunks:
Replying to cypherpunks:
Replying to cypherpunks:
Replying to cypherpunks:
https://bugzilla.mozilla.org/show_bug.cgi?id=1426618 RESOLVED WONTFIX, but yeah, I support your initiative even if I don't think there's a chance that Mozilla will listen...
Only David Keeler is replying to this report. Other Mozilla employee didn't answer to this at this moment. He clearly closed this report without reading anything. Your wording wasn't clear on that you sought to only suggest an option for labeling as insecure Cloudflare traffic that has been tempered and not their full-SSL offers.
I didn't write that. Besides I never create an account on Mozilla because I hate it after Looking Glass incident. Why don't you write it to bugzilla yourself?
Replying to cypherpunks:
Also, in Tor Browser context, this penalizes HTTPS websites (even if they're behind Cloudflare and don't have Cloudflare's full SSL(TM) support) and puts them in the same rank as HTTP ones, which is--to say the least--unfair (the first one is at least resilient to exit node plaintext sniffing whereas the second isn't).
CLoudflare is exit node. Not unfair because Tor node and coudflare can read your data
Replying to cypherpunks:
Replying to cypherpunks:
LOL if I go to https://kproxy.com to visit https://github.com, should the browser inform me that my connection is insecure because kproxy is essentially MiTM? Of course not! So why should it do exactly that for sites behind kproxy, uh, I mean Cloudflare?
You do realize you're connecting to KPROXY.COM right? Going beyond that isn't MITM because you do know your destination server is KPROXY.COM.
You ============ KPROXY.COM
The problem is Cloudflare websites. You never notice you are connecting to Cloudflare.
Expected result: You ============ WTF.COM
Actual result: You =====CF:)=== WTF.COM In both cases, I, the IT specialist, can realize that KPROXY.com and CF (by looking at the headers with
Ctrl+Shift+Q) are MiTM, but what about my grandma? You seem to be treating all FF and TB users are some non-nuanced populace.Replying to cypherpunks:
Replying to cypherpunks:
Also, in Tor Browser context, this penalizes HTTPS websites (even if they're behind Cloudflare and don't have Cloudflare's full SSL(TM) support) and puts them in the same rank as HTTP ones, which is--to say the least--unfair (the first one is at least resilient to exit node plaintext sniffing whereas the second isn't).
CLoudflare is exit node. Not unfair because Tor node and coudflare can read your data This is just wrong, the Tor node won't look at your traffic which is great since in the past it would've been able to just do that, thank you Cloudflare and eastdakota for protecting Tor users!
thank you Cloudflare and eastdakota for protecting Tor users!
Are you joking? They hate Tor users. https://blog.cloudflare.com/the-trouble-with-tor/
Replying to cypherpunks:
Replying to cypherpunks:
Replying to cypherpunks:
LOL if I go to https://kproxy.com to visit https://github.com, should the browser CLoudflare is exit node. Not unfair because Tor node and coudflare can read your data This is just wrong, the Tor node won't look at your traffic which is great since in the past it would've been able to just do that, thank you Cloudflare and eastdakota for protecting Tor users!
This is just wrong, Cloudflare look at your traffic, just like bad Tor exits which running sslstrip or proxy.
Replying to cypherpunks:
Replying to cypherpunks:
Replying to cypherpunks:
Replying to cypherpunks:
LOL if I go to https://kproxy.com to visit https://github.com, should the browser CLoudflare is exit node. Not unfair because Tor node and coudflare can read your data This is just wrong, the Tor node won't look at your traffic which is great since in the past it would've been able to just do that, thank you Cloudflare and eastdakota for protecting Tor users!
This is just wrong, Cloudflare look at your traffic, just like bad Tor exits which running sslstrip or proxy. So you have statement T_1: "With Cloudflare basic SSL a Tor exit wont look at your plaintext traffic" and statement T_2: "Cloudflare may look at your traffic with basic SSL", do you realize that T_2 has no epistemological bearing on statement T_1?
Cloudflare is a MITM point So is the Tor network. That's the point.
[users] clearly didn't read all data They cannot be expected to. The interface should be self-instructing. The interface should educate users on the functionality the Tor network. It does neither of these things. This is by design.
Interesting. Class, keep discuss.
(I didn't know this ticket until I read this in mailing list) https://lists.torproject.org/pipermail/tor-talk/2018-January/043892.html
Trac:
Username: stupidregistration
Resolution: duplicate to N/A
Status: closed to reopened
Parent: N/A to #18361 (moved)-
IMO cypherpunks 14 and cypherpunks 15 are both wrong. Cloudflare is a free service. Website owner use their service in exchange of visitor's information. U.S. government asked Cloudflare to share their data in the past.
So MiTM? Yes. Not MiTM? Yes. Cloudflare is just a insecure reverse nginx proxy.
Trac:
Username: stupidregistration Reminder than Comment:16, posted by cypherpunks, was edited by "cypherpunks" to remove speech. It used to read:
Tor is a honeypot for peedos and snitches. Tor is used to drone niggers.
I will add to this list: Tor is a gommunist tool of control. From the time-sync, to the interface, to the controller, it has been designed to regulate how people access the internet and share information.
We already have #18361 (moved) and #24321 (moved). Closing this as duplicate.
Trac:
Resolution: N/A to duplicate
Status: reopened to closedWe already have #18361 (moved) and #24321 (moved). Closing this as duplicate.
Trac:
Status: reopened to closed
Resolution: N/A to duplicateClosed #24893 (moved) as a duplicate.
Replying to gk:
To all of you who feel the urge to reopen this bug again, please resist and keep this bug closed, thanks.
That's the third time I am saying this, leave this ticket closed. "gk and yawning closing "Tor Browser is not your privacy browser, Non-goal: PRIVACY" ticket" is not a bug.
Trac:
Status: reopened to closed
Resolution: N/A to not a bugmentioned in issue #24893 (moved)
mentioned in issue tpo/applications/tor-browser#24893 (closed)