On 31/01/2014 13:20, Joe Btfsplk wrote:
On 1/31/2014 8:00 AM, Olivier Cornu wrote:I understood that it's websites (or trackers like Google) that would gather data. But the ability to do it - bug or whatever - comes from the browser or other technology, from Mozilla, Google, others.Le 31/01/2014 01:18, Joe Btfsplk a écrit :On 1/30/2014 9:22 AM, Sukhoi wrote:In fact, I am worried with the Wireless Position System developed bygoogle and others, and the introduction in the browsers, like firefox, away to track which wireless networks the computer can "see" in a given moment. Based on that they identify the user physical (because googlestreet view mapped the wireless network physical location), fingerprintthe computer and, possibly, track other key information. Seems that this critical issue is not currently handled by TOR.OK - why would Mozilla want to track the location of users?It does not have to be Mozilla, it could also be any website visited:http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-locationWhere Mozilla might be held responsible is because the corresponding bug has had an open ticket for almost 8 years: https://bugzilla.mozilla.org/show_bug.cgi?id=354493 But perhaps I misunderstood what Sukhoi meant…
I am talking about tracking by google and other sites to identify the user physical location.
Bug is an issue, as always, but now the browsers have a native and specifically designed funcionality to track the location by looking the wireless networks the user's computer can "see".
The functionality is to help users that "do not know where they are". Yes, yes, and I believe also in Santa Clauss...
Firefox has that functionality and this is not a coincidence. 90% of Firefox Foundation funds are by Google. Google core business is steal data to sell to governments and anybody else that can pay.
Since the beginning Google has been funded by In-Q-Tel, a CIA arm.Regardless of anything else, if the intention is good or not, that tracking functionality has the potential to by-pass the TOR techniques to hide the user identity. TOR developer team is doing a great job and, IMHO, fix that issue will corroborate to keep the TOR's value and purpose for the community.
Another big threat that SSL, AES and other encryption protocols used by TOR network probably are compromised by NSA:
http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/ Sukhoi -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk