[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Javascript security question
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Javascript security question
- From: Freemor <freemor@xxxxxxxxx>
- Date: Fri, 21 Aug 2009 11:14:30 -0300
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 21 Aug 2009 10:20:22 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:reply-to:x-mailer:face :mime-version:content-type; bh=+DCwYtx43kvKr6PRZ42n14ztfY2Xkjw2Eu5MPmZ91QI=; b=wkclekplcan5mhDiun1cfbWMp+n24l6GGf3A4vYwuRab0N3nmE1IF1T8e0wuPXnh1e XpFljpNK7uqJp8pGphPRklRTWApwLPu36LnG1bKyqB+WQhwRQg/WTaSrt2PLSL4KrQQP 8s92tunjbjP4siIAuEO72dXprCmGOoCv8W34s=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:reply-to :x-mailer:face:mime-version:content-type; b=KGVB9+zsipsp+vtVXmlVILNsV28TsKvubDMUg5e1BiDvweOo1Yf2tfabPrvxTi0xXL 5GOfiZ1KQmwQknb1Xe9YJraC9uKA43K5suYpAZ2D+oL8rngP7rmKwKlhf1RzlLjzsHM5 pg/woFELo+Uq/UV30/IhKJs0kTIZhoUTWzOqg=
- Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEXn2K356bi4xY5EMR+GuGqSkWzK+eFKflhGAAABqElEQVQ4jY3SzW7bMAwAYEqbexZToGdXiXseyvg+LG7Pjg32nGSr3v8RSlLyT4NmKAEDBr+QtKjA6ymlhp5SSlFehlTiHzx9DQnS/+Cd0i24WfGqr3epmgEKvKV0AkQfp7QDqTGozygRLB9WcMEcXvIIAFigdwWCVq4BJwB9ZhgfF3BaUODCeAWuwLACWMNxBV7xK4Bwo8JAQiHNHwU1TGHgtqTzw0jUL/CQTu7oSc5+37sQJzgLnDGddIdhEwFDyO1QdzCM9AzgWVrxUMYobIbLD2Lmu7RtmeNSgfxOkmne/gr3PoOts2F65hwDQD/DBmLkx4eGo+YlfIwZXGyiO1dNjDWC93HXdQbVMUgGsRlq2YmmZ5Csm5ZleYNgUG43+G4GqDRZRbuuUtDZkiu7WrBmYOlDZ1/XLHeOudNhX8AF+XQ5MYaYO5EepmY+5j+TzN5NUEst86/PnXT4n58KrZMmjUyvrkD/o9oq8Ay/M7S5U9VeV5AdYjPSArsMNl6udg0vCjIet7SCTqAVIPm1xDJDHquY4lvQrYH2stoJRvocGQ57uo69wAeDBdMp0Qij8AAAAABJRU5ErkJggg==
- In-reply-to: <280660.72989.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <20090821102617.476037d4@flaptop> <280660.72989.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Fri, 21 Aug 2009 13:39:47 +0000 (GMT)
Sadece Gercekler <inanma@xxxxxxxxx> wrote:
> Thanks everybody for the explanation.
>
> So the exit node I'm using can be Evil and there is no way I can know
> this. If so, is it wise to use the Tor network even with javascript
> disabled?
>
Using a properly Locked down browser (Torbutton/etc), and staying as
much as possible to encrypted connections (https) It is possible to use
Tor "fairly" safely. Remember, using the open Internet is largely an
exercise in trust. you trust that none of the system between you and
yahoo will eavesdrop and you trust that none of them will inject
anything. Both of these are Basically huge assumptions anytime you are
not using SSL or some other secure end-to-end encryption. ISPs do
inject (Rogers here in Canada played with it). ISPs do eavesdrop
(phorm/BT). So I try to use https/etc as much as I can anyways.
Considering the above (and I'm sure others will add a few points). you
need to get as informed as possible on both TOR and the open net and
then make an informed risk assessment. Are the risks greater then the
open net? Is the anonymity worth the risk? Can I do it all over SSL?
etc?
Regards,
Freemor
--
freemor@xxxxxxxxxxx
freemor@xxxxxxxxx
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Attachment:
signature.asc
Description: PGP signature