security-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-discuss] why Tor whitelisting is a bad idea (was: gnuradio pro


From: Nomen Nescio
Subject: [security-discuss] why Tor whitelisting is a bad idea (was: gnuradio project..)
Date: Fri, 3 Mar 2017 21:08:12 +0100 (CET)

Dr. Stallman said:

> The fact that some other browsers have trouble is unfortunate.  But
> since our recommended free browser works ok, my conclusion is that
> this doesn't rise to the level of an ethical problem.

To be clear, I think you are speaking strictly in terms of free
software ethics.  Many of the ethical problems arising out of gnuradio
using cloudflare can be characterized as:

 * Software freedom
 * Civil liberties
 * Security ethics & centralization

I get the impression from Svetlana Tkachenko that the gnuradio may be
going in the direction of whitelisting Tor in the CloudFlare settings,
instead of discarding CloudFlare.  It's important to realize that if
that happens, the software freedom issues will go away (as far as I
can tell), but many of the other ethical problems will actually
worsen.

Ethical Tor users avoid CloudFlare sites even when they whitelist Tor.
It's harmful to both security and civil liberties to feed CloudFlare
in any way (supplying it with data [traffic] or money).  The CF
captchas are actually favorable in that they make it easy for ethical
Tor users to avoid a site.  Removing the captcha and maintaining
cloudflare has the side-effect of helping (unwitting) Tor users
support an adversary of the tor community, civil liberties and
security.

The best ethical move here is for FSF to use its influence over
software freedom to get gnuradio off CloudFlare completely.  The
half-assed whitelisting approach simply dumps the problem on someone
elses plate.  The EFF and ACLU (for example) have no power over
gnuradio and thus less leverage to remedy the problem.

--
Please note this was sent anonymously, so the "From:" address will be unusable.
List archives will be monitored.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]