[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.
[GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.0.2]
Thu, 31 Mar 2016 12:05:04 +0200
I'm forwarding this from tor-dev because anyone who encounters
CloudFlare CAPTCHAs may find it useful, especially like Tor and VPN
-------- Forwarded Message --------
From: Yawning Angel <address@hidden>
Subject: [tor-dev] Request for feedback/victims: cfc-0.0.2
Date: Sun, 27 Mar 2016 06:12:57 +0000
Thanks for the feedback so far.
[ PEOPLE THAT HAVE BIG SCARY ADVERSARIES IN THEIR THREAT MODEL
STILL SHOULD NOT USE THIS. ]
New version with changes some that add functionality, some code of
quality stuff, hence a version bump to 0.0.2, especially since it'll
probably be a bit before I can focus on tackling the TODO items.
* Properly deregister the HTTP event listeners on addon unload.
* Toned down the snark when I rewrite the CloudFlare captcha page,
since I wasn't very nice.
* Additional quality of life/privacy improvements courtesy of Will
Scott, both optional and enabled by default.
* (QoL) Skip useless landing pages (github.com/twitter.com will be
auto-redirected to the "search" pages).
* (Privacy) Kill twitter's outbound link tracking (t.co URLs) by
rewriting the DOM to go to the actual URL when possible. Since
DOM changes made from content scripts are isolated from page
scripts, this shouldn't substantially alter behavior.
* (Code quality) Use a pref listener to handle preference changes.
* Try to figure out a way to mitigate the ability for archive.is to
track you. The IFRAME based approach might work here, needs more
* Handle custom CloudFlare captcha pages (In general my philosophy is
to minimize false positives, over avoiding false negatives).
Looking at the regexes in dcf's post, disabling the title check may
be all that's needed.
* Handle CloudFlare 503 pages.
* Get samples of other common blanket CDN based Tor blocking/major
sites that block Tor, and implement bypass methods similar to how
CloudFlare is handled.
* Look into adding a "contact site owner" button as suggested by Jeff
Burdges et al (Difficult?).
* Support a user specified "always use archive.is for these sites"
* UI improvements.
* More Quality of Life/Privacy improvements (Come for the Street
Signs, stay for the user scripts).
* I will eventually get annoyed enough at being linked to mobile
wikipedia that I will rewrite URLs to strip out the ".m.".
* Test this on Fennec.
* Maybe throw this up on addons.mozilla.org.
Description: This is a digitally signed message part
|[Prev in Thread]
||[Next in Thread]|
- [GNUnet-developers] [Fwd: [tor-dev] Request for feedback/victims: cfc-0.0.2],
Jeff Burdges <=