[security-discuss] why Tor whitelisting is a bad idea (was: gnuradio project..)

[Nomen Nescio]

Dr. Stallman said:

> The fact that some other browsers have trouble is unfortunate.  But
> since our recommended free browser works ok, my conclusion is that
> this doesn't rise to the level of an ethical problem.

To be clear, I think you are speaking strictly in terms of free
software ethics.  Many of the ethical problems arising out of gnuradio
using cloudflare can be characterized as:

 * Software freedom
 * Civil liberties
 * Security ethics & centralization

I get the impression from Svetlana Tkachenko that the gnuradio may be
going in the direction of whitelisting Tor in the CloudFlare settings,
instead of discarding CloudFlare.  It's important to realize that if
that happens, the software freedom issues will go away (as far as I
can tell), but many of the other ethical problems will actually
worsen.

Ethical Tor users avoid CloudFlare sites even when they whitelist Tor.
It's harmful to both security and civil liberties to feed CloudFlare
in any way (supplying it with data [traffic] or money).  The CF
captchas are actually favorable in that they make it easy for ethical
Tor users to avoid a site.  Removing the captcha and maintaining
cloudflare has the side-effect of helping (unwitting) Tor users
support an adversary of the tor community, civil liberties and
security.

The best ethical move here is for FSF to use its influence over
software freedom to get gnuradio off CloudFlare completely.  The
half-assed whitelisting approach simply dumps the problem on someone
elses plate.  The EFF and ACLU (for example) have no power over
gnuradio and thus less leverage to remedy the problem.

--
Please note this was sent anonymously, so the "From:" address will be unusable.
List archives will be monitored.