[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Downloading Firefox add-ons trough Tor. Safe?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Downloading Firefox add-ons trough Tor. Safe?
From: 7v5w7go9ub0o <7v5w7go9ub0o@xxxxxxxxx>
Date: Fri, 22 Jul 2011 08:56:54 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 22 Jul 2011 08:57:51 -0400
In-reply-to: <20110722121443.143970__28069.8032737293$1311337311$gmane$org@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20110722121443.143970__28069.8032737293$1311337311$gmane$org@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 07/22/11 08:14, Achter Lieber wrote:
> ----- Original Message ----- From: hikki@xxxxxxxxxxxxx Sent:
> 07/10/11 08:55 PM To: tor-talk@xxxxxxxxxxxxxxxxxxxx Subject:
> [tor-talk] Downloading Firefox add-ons trough Tor. Safe?
>
> I'm having a laptop that is Tor only, so it never connects to the
> internet without going trough Tor. Someone wrote that malicious Tor
> exit nodes may modify your downloads. So when I need to install the
> recommended plug-ins for Firefox, like TorButton and NoScript, and I
> do that trough the Tor network, is that safe? Thanks for help! :)

Given the add-ons are updated via SSL, it is reasonably safe as long as
you check your certs for possible MIM attack using a "low integrity" CA.

Some folks will delete all of the authorities distributed with Firefox
and Thunderbird, and then add certs one at a time - validating each.
This is pretty easy with Thunderbird (only a few mail accounts); a PITA
for FF.

Another promising - not perfected for TB - way is using Certificate
Patrol. It will popup and warn you if the cert (e.g. for
https//addons.mozilla.org) has mysteriously changed.

<https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/versions/>

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Downloading Firefox add-ons trough Tor. Safe?
  - From: tagnaq

Next by Author: Re: [tor-talk] Downloading Firefox add-ons trough Tor. Safe?
Previous by thread: Re: [tor-talk] Downloading Firefox add-ons trough Tor. Safe?
Next by thread: Re: [tor-talk] Downloading Firefox add-ons trough Tor. Safe?
Index(es):
- Author
- Thread