[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] NoScript for TOR disabled by default




On 31/01/2014 13:20, Joe Btfsplk wrote:
On 1/31/2014 8:00 AM, Olivier Cornu wrote:
Le 31/01/2014 01:18, Joe Btfsplk a écrit :
On 1/30/2014 9:22 AM, Sukhoi wrote:
In fact, I am worried with the Wireless Position System developed by
google and others, and the introduction in the browsers, like firefox, a
way to track which wireless networks the computer can "see" in a given
moment. Based on that they identify the user physical (because google
street view mapped the wireless network physical location), fingerprint
the computer and, possibly, track other key information.

Seems that this critical issue is not currently handled by TOR.
OK - why would Mozilla want to track the location of users?
It does not have to be Mozilla, it could also be any website visited:
http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-location

Where Mozilla might be held responsible is because the corresponding bug
has had an open ticket for almost 8 years:
https://bugzilla.mozilla.org/show_bug.cgi?id=354493

But perhaps I misunderstood what Sukhoi meant…
I understood that it's websites (or trackers like Google) that would gather data. But the ability to do it - bug or whatever - comes from the browser or other technology, from Mozilla, Google, others.


I am talking about tracking by google and other sites to identify the user physical location.

Bug is an issue, as always, but now the browsers have a native and specifically designed funcionality to track the location by looking the wireless networks the user's computer can "see".

The functionality is to help users that "do not know where they are". Yes, yes, and I believe also in Santa Clauss...

Firefox has that functionality and this is not a coincidence. 90% of Firefox Foundation funds are by Google. Google core business is steal data to sell to governments and anybody else that can pay.
Since the beginning Google has been funded by In-Q-Tel, a CIA arm.

Regardless of anything else, if the intention is good or not, that tracking functionality has the potential to by-pass the TOR techniques to hide the user identity. TOR developer team is doing a great job and, IMHO, fix that issue will corroborate to keep the TOR's value and purpose for the community.


Another big threat that SSL, AES and other encryption protocols used by TOR network probably are compromised by NSA:
http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/


Sukhoi



--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk