[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 18 Apr 2012 17:45:31 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Apr 2012 13:45:45 -0400
In-reply-to: <046.6108494ab8c2fe1cbe4919202c4064ba@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.6108494ab8c2fe1cbe4919202c4064ba@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5553: prevent protocol leaks; Tor client connection API or protocol review howto
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:     
     Type:  task        |         Status:  new
 Priority:  normal      |      Milestone:     
Component:  Tor Client  |        Version:     
 Keywords:              |         Parent:     
   Points:              |   Actualpoints:     
------------------------+---------------------------------------------------

Comment(by unknown):

 Replying to [comment:3 proper]:
 > Here are some hints, how difficult it is, to review an application.
 > https://lists.torproject.org/pipermail/tor-talk/2012-April/024016.html
 >
 > After digging this topic a lot, I don't think that someone ever reviewed
 an application so thoroughly, beside Tor Browser and Pidgin.

 Hiding IP and preventing visible leakages (such as DNS requests or
 useragent name) is not enough for successful torifycation. For example, if
 someone trying to torify download manager (such as wget), then smart
 adversary can reduce anonimity set with statistic profiling any non-TBB
 downloaders on the servers side or through intercepting exit node traffic.
 Wget'll get a different responce than standart TBB or another downloaders
 to cookies and active elements injection, fonts manipulation on a page,
 resume downloading, pipelining behaviour, etc. Different applications and
 different settings brings to different anonimity sets. We need a some
 bundle with unified set of a popular applications or warning to use manual
 torifying with limitation (for instance, connecting to trusted personal
 hidden services only).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5553#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5637 [Metrics Utilities]: Ignore carriage returns when parsing descriptors
Next by Author: Re: [tor-bugs] #5632 [Torperf]: Make Torperf log timestamps after every 10% of received bytes
Previous by thread: Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
Next by thread: Re: [tor-bugs] #4430 [TorBrowserButton]: Fully Disable Session Store+Restore
Index(es):
- Author
- Thread