[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Will Tor affect Internet Explorer? (newbie question)



25.07.2013 15:27, Marcos Eugenio Kehl:
> "Could a printer or another software that I have check for updates or
> something like that and reveal information about me or my machine?"


If one redirects all traffic through Tor and software contacts its
companies server to ask for updates it may include information that
reveal the system or the individual that purchased/registered this software.

The printer itself is not asking for updates unless you look for new
drivers, which is not part of the printers responsibility, but the OS.
Regarding firmware updates I think its unlikely that a printer will
check, since users are not supposed to do firmware upgrades.

Printer software (scan tool, PDF-converter, etc. is just software and
may checks for updates as well.

> Nice question. I´m not able to answer it, so I add another questions
> for the experts: 1. Should I disable/shutdown my anti-virus before
> start Tor Browser?

Probably not. If your AV product comes with an cloud-scanning service,
it may upload the files or information about them to the vendors server.
If you download files over Tor your AV vendor could get knowledge about it.

Firefox and TorBrowser have a setting to invoke the system AV solution
to scan a downloaded file. This option is currently turned on in both,
this will be disabled in TorBrowser. However most AV solutions scan new
files anyway. (They hook into the system and scan what's written.)

Obviously it is software again, and since everything on Windows has to
use its custom solution to retrieve updates it will connect to the
Internet and tell its update server what signature version it got.

Suppose you use a special software that is very uncommon and it updates
over Tor. This would allow a malicious exit to know when you use Tor.
(Only you use this software over Tor, so only your software makes Tor
exit nodes communicate with the update server)

> Is it  adviced I erase all the metadata after
> navigation, for example, using CCLEARNER? Must a erase all the event
> logs in Windows?2.

The TorBrowserBundle is designed to leave less traces. However the
TorBrowserBundle is not cleaning up anything. You might be interested in
Runa's analysis [1][PDF]. It covers Windows, Linux and Mac.

It does not hurt to run a software that cleans up traces and clear the
logs. It depends on your threat model. If it is critical to hide the
fact that you ran TorBrowserBundle (or just Tor) then it is an option.
Please note that if someone who inspects your machine will most likely
notice that you cleared the logs and erased traces. Also he could alter
your system and backdoor it.

> Tor works with low or high latency?

Tor is a low latency anonymity network. Remailers like Mixminion are
high latency. Tor has to be low latency in order to be useful for most
people. Browsing the web is more painful as latency becomes higher. You
would probably not want to wait minutes for your website to appear.
Real-time communication requires low latency as well. Checking mails
however is not that time critical and works with higher latency.

[1]
https://research.torproject.org/techreports/tbb-forensic-analysis-2013-06-28.pdf

Best,
bastik
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk