Hi Gavin & all, >> https://github.com/rustybird/corridor/#pitfalls >>> corridor cannot prevent malware on a client computer from directly >>> contacting a colluding relay to find out your clearnet IP address. > > I don't think this disclaimer is strong enough. With the 'getinfo address' > command, malware doesn't even need a colluding relay. I have to admit I was unaware of 'getinfo address'. For sure, the warning needs an update as soon as GitHub tells me WTF is going on with my account. These days, my thinking is that the purpose of corridor is not security but: safety against accidental misconfiguration (especially for developers); outsourcing :) the potential troubles of open WiFi to exit node ops, who are are way better equipped to deal with them; increasing Tor adoption in your neighborhood. Rusty
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk