[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warnings on the download page



Hi Roger,

Looks good so far. From my perspective, the biggest risks are:

1) Third-party client applications leaking the real IP address of the 
user. This includes Java, Flash, media players, PDF viewers, Word 
documents...anything that opens up an external application that doesn't 
go through the proxy.

2) Persistent cookies. If a rogue Tor node injects a HTML response back to 
the user containing an IFRAME for every major web site, and that user has 
a stored cookie for one of those sites, it could lead to the identity of 
the user being disclosed. 

3) Web application hijacking. If a rogue Tor node watches for a specific 
pattern, such as the "welcome!" message from a web application or web 
mail portal, the Tor node could kick the user out and hijack their 
session. This is especially dangerous for sites that SSL-protect the 
authentication process, but leave the rest of the application unencrypted 
(Yahoo, GMail, others?). Once a valid session has been obtained, the node 
operator could send spam (web mail), impersonate the user, or just data 
mine their messages and account settings for identifiable information.

-HD

On Thursday 08 March 2007 16:22, Roger Dingledine wrote:
> The current simplest advice I can give people is to remove all plugins:
> http://tor.eff.org/download.html.en#Warning
> Do you have any suggestions on safe ways to back off from that?