[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some Bones to Pick with Tor Admins

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some Bones to Pick with Tor Admins
From: Ringo Kamens <2600denver@xxxxxxxxx>
Date: Tue, 10 Feb 2009 18:17:11 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 10 Feb 2009 18:17:18 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=Yj7mWpoAneHYY1gJsgYxdA0bn8bvkHGEtRmBcSPS1Ts=; b=Te+dkyzOwyDS482DdqRAfO4UWObxoKGKp31RDgQvoIWcodcGS06O9DAYUtm0XnQTVd 6Cp/X7+tggXBuyIWbqmXBovLVi99qYSlKrYi2VlLBtfy5VxBAGB9CmP+zyIdckr/kIFo wLfaIHQKnVeN4waT3EIDzXs1X75JIVxRMqY9E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=kiXnUMWKyk/tETXCFMEiP8exaEAnn+zZxb17U3AisOZt1FdsMzEKZ5fWFX+d+HvWGm kUqtqflo1J//UdYgtcpu2yKuus3HoGbF8nGAhzWPzcHg84Qs1U+2nMAE/TOj23/IYKKn mFnYIBTenDoxZwe6fXhXoYfD0hzeVx7erNj4E=
In-reply-to: <20090210190238.50721d43@flaptop>
Openpgp: id=2739044E
References: <1234293578.15212.1299624843@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20090210205026.GH19155@xxxxxxxxxxxxxx> <20090210190238.50721d43@flaptop>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It absolutely would. Here are some things TorButton defends against that
wouldn't be covered in your scenario:

1. Unauthenticated Updates
2. CSS Tracking (I think it does anyways)
3. Flash and auto-opening of files
4. Browser referral and user-agent tracking

Ringo

Freemor wrote:
> On Tue, 10 Feb 2009 15:50:27 -0500
> Roger Dingledine <arma@xxxxxxx> wrote:
> 
>  (You need Torbutton 1.2 on Firefox to
>> have any chance of safe browsing.)
>>
> 
> I know that his is a bit off topic so apologies in advance, 
> By the above are you saying that a FF with 0 plugins, 0 extensions,
> cookies and javascript disables running under its own profile would
> still be less safe then a loaded browser with Tor button? If so, could
> you please point me to documentation of the vulnerabilities that Tor
> button would cover but the completely feature denuded FF would not.
> 
> Thanks in advance,
> Freemor  
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA
Hy4PCsUUxxiakGlOQvXr4rw=
=Q2h7
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Some Bones to Pick with Tor Admins
  - From: Ted Smith

References:
- Some Bones to Pick with Tor Admins
  - From: mark485anderson
- Re: Some Bones to Pick with Tor Admins
  - From: Roger Dingledine
- Re: Some Bones to Pick with Tor Admins
  - From: Freemor

Prev by Author: Re: Moxie Marlinspike
Next by Author: Re: Some Bones to Pick with Tor Admins
Previous by thread: Re: Some Bones to Pick with Tor Admins
Next by thread: Re: Some Bones to Pick with Tor Admins
Index(es):
- Author
- Thread