WebTunnel

The big win here is co-locating tunnels on existing domains with real websites. If anyone has a site that would be willing to host a tunnel but doesn&#x27;t want to run a full tor bridge, email me (in my profile) and I can help you configure your server to forward traffic to my bridge.<p>If you want to setup your own details are here: <a href="https:&#x2F;&#x2F;community.torproject.org&#x2F;relay&#x2F;setup&#x2F;webtunnel&#x2F;" rel="nofollow">https:&#x2F;&#x2F;community.torproject.org&#x2F;relay&#x2F;setup&#x2F;webtunnel&#x2F;</a>

Does this mean that, in theory, if you could compile the Tor library to WebAssembly then you could use it from inside a service worker in the browser?

I’m an AppSec Engineer that works primarily on WebApps in eCommerce and none of this feels right to me.<p>I became very skeptical of the Tor project when I found out that the CEO of CMYRU (data broker &#x2F;threat intelligence for governments and large corporations) was on the Tor board.<p><a href="https:&#x2F;&#x2F;www.vice.com&#x2F;en&#x2F;article&#x2F;z34jbj&#x2F;tor-projects-moves-away-from-team-cymru-infrastructure" rel="nofollow">https:&#x2F;&#x2F;www.vice.com&#x2F;en&#x2F;article&#x2F;z34jbj&#x2F;tor-projects-moves-aw...</a><p>Privacy was incredibly hard 10 years ago, even harder 5 years ago, and it’s twice as hard today.<p>All of the sudden a solution comes out that makes it easier using what? Modern day web apps and browsers? The things that are like pulling teeth out of a pit bull to secure unless everything was diligently threat modeled from start to finish before a line of code was written?<p>If anyone has ever had the need to hide their IP address and be anonymous. It’s a real pain in the ass and takes a lot more OpSec then just using Tor.<p>This seems like it’s just opening the door for MITM attacks between the web app and the tunnel.

Couldn&#x27;t authoritarian regimes still block a blacklist of SSL certs, since those are sniffable? Or block the public list of bridge addresses?