[GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.

gnunet-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.

From:	Jeff Burdges
Subject:	[GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.0.2]
Date:	Thu, 31 Mar 2016 12:05:04 +0200

I'm forwarding this from tor-dev because anyone who encounters
CloudFlare CAPTCHAs may find it useful, especially like Tor and VPN
users.

-------- Forwarded Message --------
From: Yawning Angel <address@hidden>
Reply-to: address@hidden
To: address@hidden
Subject: [tor-dev] Request for feedback/victims: cfc-0.0.2
Date: Sun, 27 Mar 2016 06:12:57 +0000

Hello,

Thanks for the feedback so far.

  [ PEOPLE THAT HAVE BIG SCARY ADVERSARIES IN THEIR THREAT MODEL
    STILL SHOULD NOT USE THIS. ]

New version with changes some that add functionality, some code of
quality stuff, hence a version bump to 0.0.2, especially since it'll
probably be a bit before I can focus on tackling the TODO items.

Source: https://git.schwanenlied.me/yawning/cfc
XPI: https://people.torproject.org/~yawning/volatile/cfc-20160327/

Major changes:

 * Properly deregister the HTTP event listeners on addon unload.

 * Toned down the snark when I rewrite the CloudFlare captcha page,
   since I wasn't very nice.

 * Additional quality of life/privacy improvements courtesy of Will
   Scott, both optional and enabled by default.

   * (QoL) Skip useless landing pages (github.com/twitter.com will be
     auto-redirected to the "search" pages).

   * (Privacy) Kill twitter's outbound link tracking (t.co URLs) by
     rewriting the DOM to go to the actual URL when possible.  Since
     DOM changes made from content scripts are isolated from page
     scripts, this shouldn't substantially alter behavior.

   * (Code quality) Use a pref listener to handle preference changes.

TODO:

 * Try to figure out a way to mitigate the ability for archive.is to
   track you.  The IFRAME based approach might work here, needs more
   investigation.

 * Handle custom CloudFlare captcha pages (In general my philosophy is
   to minimize false positives, over avoiding false negatives).
   Looking at the regexes in dcf's post, disabling the title check may
   be all that's needed.

 * Handle CloudFlare 503 pages.

 * Get samples of other common blanket CDN based Tor blocking/major
   sites that block Tor, and implement bypass methods similar to how
   CloudFlare is handled.

 * Look into adding a "contact site owner" button as suggested by Jeff
   Burdges et al (Difficult?).

 * Support a user specified "always use archive.is for these sites"
   list.

 * UI improvements.

 * More Quality of Life/Privacy improvements (Come for the Street
   Signs, stay for the user scripts).

   * I will eventually get annoyed enough at being linked to mobile
     wikipedia that I will rewrite URLs to strip out the ".m.".

 * Test this on Fennec.

 * Maybe throw this up on addons.mozilla.org.

Regards,

-- 
Yawning Angel

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.0.2], Jeff Burdges <=

Prev by Date: Re: [GNUnet-developers] [GSoC] Question on "Rust implementation of GNUnet utils" project
Previous by thread: [GNUnet-developers] Secushare on Mantis
Index(es):
- Date
- Thread