Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

[Aymeric Vitte <vitteaymeric@xxxxxxxxx>]

Definitely yes, that's a perfect summary of the situation, 
unfortunately, despite of Tor devs efforts, browsing the web is too 
dangerous but the Tor browser can provide you a relative anonymity, if 
you "don't do stupid stuff" indeed.

Regards,

Le 15/08/2014 01:18, Mirimir a écrit :
> On 08/14/2014 04:48 PM, Aymeric Vitte wrote:
> > I am "defensive" because you seem to make a general case of something
> > that can only happen in case of browser's/OS bug, and conveying to Tor
> > users that they should not use js is a non sense, you make believe them
> > that intrinsically js can easily leak their ip and/or mac addresses,
> > which is wrong, this can happen under extraordinary circumstances that
> > have nothing to do with js, here a windows/ff bug, which could have been
> > a css attack or whatever.
> >
> > Regards,
> This was indeed an extraordinary circumstance. And it is misleading to
> focus on the importance of blocking Javascript. It's also evidence for
> using the latest Tor browser release, avoiding Windows, etc.
>
> However, I do see a "told you so" here. It's foolish to think that
> simply using the Tor browser is adequate protection for doing stuff
> where there are serious consequences. Maybe the the comment "Everything
> you need to safely browse the Internet. This package requires no
> installation. Just extract it and run." on the download page needs a
> "don't do stupid stuff" warning. Also, maybe the "Want Tor to really
> work?" section needs to reiterate the "don't rely on Tor for strong
> anonymity" warning. Maybe even something about firewall rules. Yes?
>
> > Le 14/08/2014 11:06, Anders Andersson a écrit :
> > > On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte
> > > <vitteaymeric@xxxxxxxxx> wrote:
> > >
> > > > >     As
> > > > > someone who argues against using javascript in any context, I can only
> > > > > say "told you so", but that doesn't really help anyone. :)
> > > > No and you are wrong
> > >   From
> > > https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
> > >
> > > "An attack that exploits a Firefox vulnerability in JavaScript has
> > > been observed in the wild."
> > > People who didn't allow javascript were safe.
> > >
> > >
> > > > > Because they managed to get in to the client browser, they could learn
> > > > > the real IP address and MAC address
> > > > and the color of your shirt
> > > Why are you so defensive? Is it your code they broke? They could learn
> > > the color of my shirt if the browser user has access to a webcam,
> > > which is not uncommon. This is however highly irrelevant.
> > >
> > >
> > > > > , they didn't learn this through
> > > > > Tor.
> > > > Are you serious in your answer?
> > > Very much so. If you don't believe me, then maybe you'll believe these
> > > sources:
> > >
> > > https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
> > >
> > > https://www.mozilla.org/security/announce/2013/mfsa2013-53.html
> > >
> > > Nothing was exploited through Tor. In fact, they couldn't find out who
> > > was using the server *because* people used Tor. So they had to resort
> > > to javascript exploits.

--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk