Re: [tor-talk] catastrophe: ip-api.com sees me

Dash Four writes:

> Roger Dingledine wrote:
> >Using any browser with Tor besides Tor Browser is usually a bad idea:
> >https://www.torproject.org/docs/faq#TBBOtherBrowser
> I disagree with that statement. It is certainly _not_ a bad idea, provided you know what you are doing.

As the documentation says, there are a couple of different things that
can go awry here.

* Your non-Tor Browser can be vulnerable to a proxy bypass (because
  other browsers don't necessarily consider that a very serious
  problem). E.g., an attacker can serve you some HTML that uses
  some kind of browser feature that goes directly over the Internet,
  not via Tor.

* Your non-Tor Browser can be vulnerable to various kinds of
  tracking and fingerprinting, because other browsers haven't done as
  much to mitigate that. E.g., an attacker can use some kind of
  supercookie to recognize you across sessions, or serve some kind
  of JavaScript that queries various system properties that produce a
  unique long-term fingerprint that Tor Browser might have prevented.

* Your non-Tor Browser can be inherently distinctive because very
  few people are using any given other configuration. E.g., you might
  be the only person in the world currently using Tor with a particular
  browser version, OS, language, and browser window size (even if a
  site doesn't use elaborate or complex JavaScript to find out about
  your system's properties).

Your particular setup has probably mitigated the first of these
effectively, but maybe not the other two.

Now, there are ways that the Tor Browser may also have failed to fully
mitigate each of these risks. And there could be other benefits to
using a different browser in terms of adversaries who know of zero-day
vulnerabilities in Tor Browser that might not be present in other
browsers. (Some critics have pointed out that more potential attackers
probably have zero-days against the current Tor Browser at a given
moment than against, say, the current Google Chrome; at least, they
typically wouldn't have to pay as much money to buy them.) But you
probably can't mitigate the second two concerns above on your own, which
might always mean more trackability and less anonymity of a certain kind
when using another browser with Tor.

Also,

* If you use something other than Tor Browser, you can get confused
  about when you are or aren't using Tor, or accidentally enable or
  disable it in the middle of some other activity, leading to several
  kinds of contamination between Tor and non-Tor sessions.

Very sophisticated and disciplined users might not trip over this
particular issue, but it's a relatively high risk and a lot of people
using the old TorButton setup definitely ran into this kind of problem.

--
Seth Schoen <schoen@xxxxxxx>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
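
[Added example, not part of the original message.] The "inherently distinctive" point in the message above can be put in numbers by counting how many visitors share a full attribute tuple (the anonymity set) and how many bits each attribute contributes. The population and the attribute labels below are constructed placeholders, not real header values or measurements.

```python
import math
from collections import Counter

FIELDS = ("user_agent", "language", "window")

# Constructed population of visitors arriving via Tor exits, as one site sees
# them. Labels are placeholders, not real header values or measurements.
TB_DEFAULT = ("TorBrowser-UA", "en-US", "1000x600")
TB_RESIZED = ("TorBrowser-UA", "en-US", "1280x913")
OTHER = ("OtherBrowser-UA", "en-US", "1366x768")
POPULATION = [TB_DEFAULT] * 6 + [TB_RESIZED, OTHER]


def anonymity_set_size(population, visitor):
    """Number of visitors indistinguishable from `visitor` on all fields."""
    return Counter(population)[visitor]


def surprisal_bits(population, visitor):
    """Identifying information in the full tuple: log2(N / set size)."""
    return math.log2(len(population) / anonymity_set_size(population, visitor))


def attribute_surprisal(population, visitor):
    """Per-field surprisal: which single attribute singles the visitor out."""
    out = {}
    for i, name in enumerate(FIELDS):
        matches = sum(1 for p in population if p[i] == visitor[i])
        out[name] = math.log2(len(population) / matches)
    return out


if __name__ == "__main__":
    for label, v in (("default", TB_DEFAULT), ("resized", TB_RESIZED),
                     ("other", OTHER)):
        print(label, anonymity_set_size(POPULATION, v),
              round(surprisal_bits(POPULATION, v), 2),
              attribute_surprisal(POPULATION, v))
```

In this constructed sample the visitor with the other browser is in an anonymity set of one, and the passively visible attributes alone already carry all the identifying bits.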