[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.



Definitely yes, that's a perfect summary of the situation, unfortunately, despite of Tor devs efforts, browsing the web is too dangerous but the Tor browser can provide you a relative anonymity, if you "don't do stupid stuff" indeed.

Regards,

Le 15/08/2014 01:18, Mirimir a écrit :
On 08/14/2014 04:48 PM, Aymeric Vitte wrote:
I am "defensive" because you seem to make a general case of something
that can only happen in case of browser's/OS bug, and conveying to Tor
users that they should not use js is a non sense, you make believe them
that intrinsically js can easily leak their ip and/or mac addresses,
which is wrong, this can happen under extraordinary circumstances that
have nothing to do with js, here a windows/ff bug, which could have been
a css attack or whatever.

Regards,
This was indeed an extraordinary circumstance. And it is misleading to
focus on the importance of blocking Javascript. It's also evidence for
using the latest Tor browser release, avoiding Windows, etc.

However, I do see a "told you so" here. It's foolish to think that
simply using the Tor browser is adequate protection for doing stuff
where there are serious consequences. Maybe the the comment "Everything
you need to safely browse the Internet. This package requires no
installation. Just extract it and run." on the download page needs a
"don't do stupid stuff" warning. Also, maybe the "Want Tor to really
work?" section needs to reiterate the "don't rely on Tor for strong
anonymity" warning. Maybe even something about firewall rules. Yes?

Le 14/08/2014 11:06, Anders Andersson a écrit :
On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte
<vitteaymeric@xxxxxxxxx> wrote:

    As
someone who argues against using javascript in any context, I can only
say "told you so", but that doesn't really help anyone. :)
No and you are wrong
  From
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html

"An attack that exploits a Firefox vulnerability in JavaScript has
been observed in the wild."
People who didn't allow javascript were safe.


Because they managed to get in to the client browser, they could learn
the real IP address and MAC address
and the color of your shirt
Why are you so defensive? Is it your code they broke? They could learn
the color of my shirt if the browser user has access to a webcam,
which is not uncommon. This is however highly irrelevant.


, they didn't learn this through
Tor.
Are you serious in your answer?
Very much so. If you don't believe me, then maybe you'll believe these
sources:

https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html

https://www.mozilla.org/security/announce/2013/mfsa2013-53.html

Nothing was exploited through Tor. In fact, they couldn't find out who
was using the server *because* people used Tor. So they had to resort
to javascript exploits.

--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk