[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: tor-browser bundle on XP
XeroBank's network does not use tor whatsoever. Modern onion
routing is not suitable for commercial anonymity.
Perhaps the confusion is that our client software is not
our network software, unlike Tor. xB Browser users do not
create the XeroBank network. xB Browser only accesses other
networks as a client.
So you have this:
[Browser] -> [Connection Client] -> [Network]
In the instance of Tor, the connection client and the network
are essentially the same. In the instance of XeroBank, the
connection client for legacy users will be PuTTY/SSH to the XB1
network, and for modern users the connection client will be
OpenVPN/TLS to the XB2 network.
Currently xB Browser lets the user select which anonymity
network they want to use: Tor or XeroBank. This also means
we could theoretically also add JAP or I2P in as well. It
is also written to work with the Mozilla softwares, so it
can easily run a News Reader, Chat client, Mail client,
or any other in place of the Browser if one was motivated.
It is somewhat agnostic of the network it connects to except
for the threat models. Because Tor is vulnerable to exit node
injection and MITM attacks, it employs a Tor-specific user.js
option overlay which blocks out scripts and plugins and mime
types, and RSA/MD5 SSL certificates. When connected to XeroBank's
VPN the threat model is different so it behaves accordingly, allowing
scripts, plugins, and mime types, but wiping out flash cookies,
DOM objects, cookies, hidden registry plugins, and other homing
badware. It also has a hybrid user option overlay, for the SSH
connections because it knows there isn't injection/mitm risks
but it also knows the VPN isn't catching all the traffic so it
covers up java proxy settings in windows, and restricts scripts,
and plugins etc at the option of the user, but it doesn't worry
about RSA/MD5 SSL certificates.
It was rewritten from scratch a couple years ago, and I don't
think it has a single line of PortableApps code left in it.
I think it would be safe to say this is nothing like the Torpark
Jacob Appelbaum wrote:
> Arrakis wrote:
>> Phobos et al,
>> xB Browser installs giving a user a choice of two modes.
>> The first is Tor, the second is the XeroBank network. xB
>> Browser is included in the XeroBank Installer bundle which
>> includes xB VPN and xB Mail as well.
>> xB Browser, if Tor is installed, will just run Tor for it's
>> connection client.
> I think there's some confusion here. In a previous thread you suggested
> that XeroBank  doesn't use Tor. This is confusing because your
> "source" package contains a Tor binary:
> /tmp/xb% 7z e XeroBank_Source.zip
> /tmp/xb% find .|grep -i tor
> It looks like Tor is included with your software.
>  http://archives.seul.org/or/talk/Dec-2008/msg00053.html