On Wed, Mar 23, 2016 at 2:15 AM, Yawning Angel yawning@schwanenlied.me wrote:
My "proof of concept" tech demo is what I consider good enough for use by brave people that aren't me, so I have put up an XPI package at: https://people.torproject.org/~yawning/volatile/cfc-20160323/
Very cool!
- If archive.is is evil, they can track you across page fetches trivially, because this sort of use case is outside of Tor Browser's current threat model (Yes, CloudFlare/Google can also do the same thing currently, who do you trust more?).
Because CloudFlare presents its captcha page under the target site's domain name, and the Google ReCAPTCHA iframe is embedded inside that, Tor Browser is designed to prevent tracking across visits to different CloudFlared sites. So in that sense the archive.is option allows more tracking.
One possible solution could be for the extension to replace the HTML content inside a desired content page (say, https://imgur.com/some-page.html) with an iframe containing the archive.is version. The iframe would then be embedded under the desired first-party domain (e.g., imgur.com instead of archive.is) so that the page requests and caching are isolated to imgur.com.