The big win here is co-locating tunnels on existing domains with real websites. If anyone has a site that would be willing to host a tunnel but doesn't want to run a full tor bridge, email me (in my profile) and I can help you configure your server to forward traffic to my bridge.<p>If you want to setup your own details are here: <a href="https://community.torproject.org/relay/setup/webtunnel/" rel="nofollow">https://community.torproject.org/relay/setup/webtunnel/</a>
I’m an AppSec Engineer that works primarily on WebApps in eCommerce and none of this feels right to me.<p>I became very skeptical of the Tor project when I found out that the CEO of CMYRU (data broker /threat intelligence for governments and large corporations) was on the Tor board.<p><a href="https://www.vice.com/en/article/z34jbj/tor-projects-moves-away-from-team-cymru-infrastructure" rel="nofollow">https://www.vice.com/en/article/z34jbj/tor-projects-moves-aw...</a><p>Privacy was incredibly hard 10 years ago, even harder 5 years ago, and it’s twice as hard today.<p>All of the sudden a solution comes out that makes it easier using what? Modern day web apps and browsers? The things that are like pulling teeth out of a pit bull to secure unless everything was diligently threat modeled from start to finish before a line of code was written?<p>If anyone has ever had the need to hide their IP address and be anonymous. It’s a real pain in the ass and takes a lot more OpSec then just using Tor.<p>This seems like it’s just opening the door for MITM attacks between the web app and the tunnel.