Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
T
Tor Browser
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,533
    • Issues 1,533
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 1
    • Merge Requests 1
  • Operations
    • Operations
    • Incidents
  • Analytics
    • Analytics
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #40296

Closed
Open
Opened Jan 15, 2021 by Gaba@gaba☀Owner

Active-resistance: Obfuscate HTTPS upgrading

As part of the Collaborative ResistancE to Web Surveillance (CREWS)'s project with UCL we are going to build a prototype to understand of effectiveness of enhanced eavesdropping protection in Tor Browser.

Requiring encryption is passive resistance and consequently has strengths (is comparatively easy to reason about) but also weaknesses (requiring encryption leaks information about the browser’s configuration). In CREWS, we will also evaluate augmenting the passive resistance with active resistance by simulating insecure browser behavior. This approach will hide the fingerprint created through enabling HSTS and also hide the distinctive behavior of the augmented Tor Browser. This approach will enlarge the anonymity set that users belong to, and so enhance the level of privacy above that provided by passive resistance alone.

Edited Feb 11, 2021 by Matthew Finkel
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Sponsor 103: Collaborative ResistancE to Web Surveillance (CREWS)
Milestone
Sponsor 103: Collaborative ResistancE to Web Surveillance (CREWS)
Assign milestone
Time tracking
Mar 31, 2021
Due date
Mar 31, 2021
Reference: tpo/applications/tor-browser#40296