[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some Bones to Pick with Tor Admins

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some Bones to Pick with Tor Admins
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Tue, 10 Feb 2009 22:26:12 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 10 Feb 2009 22:26:16 -0500
In-reply-to: <1234308267.18979.72.camel@ubuntu>
Mail-followup-to: Nick Mathewson <nickm@xxxxxxxxxxxxx>, or-talk@xxxxxxxxxxxxx
References: <1234293578.15212.1299624843@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20090210205026.GH19155@xxxxxxxxxxxxxx> <20090210190238.50721d43@flaptop> <49920AF7.30803@xxxxxxxxx> <1234308267.18979.72.camel@ubuntu>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote:
> On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > It absolutely would. Here are some things TorButton defends against that
> > wouldn't be covered in your scenario:
> > 
> > 1. Unauthenticated Updates
> > 2. CSS Tracking (I think it does anyways)
> > 3. Flash and auto-opening of files
> > 4. Browser referral and user-agent tracking
> > 
> > Ringo
> > 
> To be fair, though, 1, 3, and 4 could be configured away in default
> FireFox. Updates can be disabled, flash can be removed, files can be set
> to "ask", referrals can be disabled, and UA can be modified in firefox
> or in Privoxy.

As Martin notes, privoxy won't modify your SSL connections for you.

Torbutton protects against many other attacks that regular Firefox
configuration can't protect you against, too.  See the Torbutton
design document at https://www.torproject.org/torbutton/design/ for a
more full list.

-- 
Nick

Follow-Ups:
- Re: Some Bones to Pick with Tor Admins
  - From: Ted Smith

References:
- Some Bones to Pick with Tor Admins
  - From: mark485anderson
- Re: Some Bones to Pick with Tor Admins
  - From: Roger Dingledine
- Re: Some Bones to Pick with Tor Admins
  - From: Freemor
- Re: Some Bones to Pick with Tor Admins
  - From: Ringo Kamens
- Re: Some Bones to Pick with Tor Admins
  - From: Ted Smith

Prev by Author: Re: Grrr...SafeLogging doesn't work in 0.2.1.12-alpha :-{
Next by Author: Tor on win98 [was Re: Some Bones to Pick with Tor Admins]
Previous by thread: Re: Some Bones to Pick with Tor Admins
Next by thread: Re: Some Bones to Pick with Tor Admins
Index(es):
- Author
- Thread