[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some Bones to Pick with Tor Admins



On Tue, 2009-02-10 at 22:26 -0500, Nick Mathewson wrote:
> On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote:
> > On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > It absolutely would. Here are some things TorButton defends against that
> > > wouldn't be covered in your scenario:
> > > 
> > > 1. Unauthenticated Updates
> > > 2. CSS Tracking (I think it does anyways)
> > > 3. Flash and auto-opening of files
> > > 4. Browser referral and user-agent tracking
> > > 
> > > Ringo
> > > 
> > To be fair, though, 1, 3, and 4 could be configured away in default
> > FireFox. Updates can be disabled, flash can be removed, files can be set
> > to "ask", referrals can be disabled, and UA can be modified in firefox
> > or in Privoxy.
> 
> As Martin notes, privoxy won't modify your SSL connections for you.
> 
> Torbutton protects against many other attacks that regular Firefox
> configuration can't protect you against, too.  See the Torbutton
> design document at https://www.torproject.org/torbutton/design/ for a
> more full list.
> 
The only things I see in the "Adversary Attacks" section that could be
an issue are fingerprinting attacks, and of course exploitation. What am
I missing? And is there any way to get the benefits of Torbutton without
any of the state-saving aspects? Like the previous poster, I have a
separated Firefox profile I use for Tor, so separation of Tor and
non-Tor state isn't an issue for me.

What would it take to split off the filtering/hardening aspects of
Torbutton from the state-watching part, and just have an independent
anonymity-enhancing addon? I'd rather not trust one piece of software
with all of my anonymity, so I want to keep my system separated the
old-fashioned way, with plugins/cache/history/cookies/javascript that
could be used against me. This way, even if Torbutton fails, I still
have a modicum of safety against some attacks.

My configuration passes the decloak engine test with flying colors,
though I understand that's nowhere near comprehensive... ;)

Attachment: signature.asc
Description: This is a digitally signed message part