[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000



On 07/03/2014 16:17, Adrian Crenshaw wrote:
Best guess, many client side and web app attacks Tor can't do much about.
(My talk at Defcon will cover a bunch of folks that got Deanonymized, but
in every case it was not Tor that was really broke)

This actually depends on what to mean by "Tor". If just the network level part, then yes. But tor project also provides and promotes TBB, which attempts to prevent various client side exploits and web app attacks, but apparently can't prevent all of them. If tor project went one step further, and developed security-by-isolation approach (using virtual machines, like Whonix does), this could prevent practically all client side exploits. And pretty much the only way user could be deanoned is if he himself typed in his personal information, or logged into some service shared with other identities.

Yuri

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk