On 2017-11-18, [email protected] wrote:
CloudFlare's MITM activity is widely discussed in the Tor Project ticket. This bug is mentioned on this webpage: https://trac.torproject.org/projects/tor/ticket/24351
I am the reporter of that bug, titled "Block Global Active Adversary Cloudflare". Though this is an issue which has concerned me for years, I thank the anonymous reporter of this Debian bug for part of my inspiration.
An anonymous cypherpunk created a Firefox add-on to block Cloudflare: https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/ I lifted out the code into a Github repository: https://github.com/nym-zone/block_cloudflare_mitm_fx Commits are signed with the same PGP key as this e-mail, fingerprint: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0CPlease note that I have not yet actually tested the code. a.m.o. marks it as Firefox 53+ only; whereas I exclusively use Tor Browser, based on Firefox 52. I did glance over the code to see if it looked sane, and normalize the PNG icons to fix some CRC errors. Beyond that, I deemed it most important to get the ball rolling with a public repository so people can hack on it.
Contributions will be much appreciated. As I indicated in the Tor bug tracker, I hope to see the beginnings of a grassroots community response to the Cloudflare mass-MITM threat.
[email protected]
signature.asc
Description: PGP signature
