[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Implement JSONP interface for check.torproject.org

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Implement JSONP interface for check.torproject.org
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Fri, 23 Mar 2012 23:34:11 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 23 Mar 2012 19:34:23 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=B+lD8C/FadkMElbPtyzPb+83SbvyRcKPWF+O8/CalVg=; b=kUEPnuVZcovDB32ZKtLZR586rgdSEXgJGwRZCawYCdS6lq6Etm3zFjXLTkEe4NWhPh 9pSlc6sVU1204z/+sNkck7laoWyrXMJKX8RfhbZrywTqEEdRoYa6a47DwrhVIhRpwOqq r1VF1knaJAmhCMqy6DyJXYhJwrqUsJR/+xcadVUw5xDrpx0++Y1VzG+0jL/7HRGg8NpO EmX0wA1Bd57rA3ivBQJnQU5cWY7/cuWOnnkxb70akxhYCGlEcExGWFgYLY+8XHSlKWZg lZQdtoiOGisUiXOIyX8wcpqT74VsU8yCECb6+frq9GmrOakd0HEFtLc5Bd22YjB/sCBk cI0Q==
In-reply-to: <4F6CF9A9.9090904@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4EB5E251.1020909@xxxxxxxxxx> <4EB6DBAE.8090607@xxxxxxxxxxxxx> <4F6CF9A9.9090904@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On 2012-03-23, Arturo FilastÃ <art@xxxxxxxxxx> wrote:

> Since I noticed that check.tpo was removed from the front page I was
> thinking it would be a good idea to bring back up the topic of migrating
> check.torproject.org to a JSONP based system.

JSONP gives the party which is expected to provide a piece of data the
ability to run arbitrary JavaScript code in the security context of
the website which requested the data.  The Tor Project should never
put itself in a position to have that level of control over other
parties' websites.

> Such a system would also allow to have the "JSONP check nodes" distributed
> across multiple machines (avoiding the single point of failure that check
> currently is) and the client side software could be embedded inside of
> TBB directly.
>
> People could further promote the usage of Tor by placing an "Anonymity"
> badge on their website.
>
> A person wishing to setup such a node needs to simply install TorBel
> and a python based web app that runs this JSONP system.
>
> My threat model for this is very lax, so I don't see any purpose in
> bad actors telling a client when he is not using Tor that he is using it.
> If check.tpo tells the user is not using Tor it already means that TBB
> failed, the purpose of it is just to provide visual feedback to the user
> that all is did went well.

check.torproject.org is the only service which can warn Tor users that
a security upgrade is available for the Tor Browser Bundle.

It is also accessed by every Tor Browser Bundle as the first page
shown after the user uses the âNew Identityâ Torbutton command; any
party which can impersonate check.torproject.org can plant
user-tracking cookies in every TBB user's browser.

check.torproject.org cannot ever be run by untrusted parties, and
cannot ever use a JSONP service provided by untrusted parties.

> If check is moved to git and you think it is a good idea I can start
> working on this.

It is a more horrible idea now than it was the first time you proposed
it.

Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Implement JSONP interface for check.torproject.org
  - From: Arturo FilastÃ

References:
- Re: [tor-dev] Implement JSONP interface for check.torproject.org
  - From: Arturo Filastò

Prev by Author: Re: [tor-dev] Proposal 193: Safe cookie authentication
Next by Author: Re: [tor-dev] Proposal 198: Restore semantics of TLS ClientHello
Previous by thread: Re: [tor-dev] Implement JSONP interface for check.torproject.org
Next by thread: Re: [tor-dev] Implement JSONP interface for check.torproject.org
Index(es):
- Author
- Thread