[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] FBI cracked Tor security
-----BEGIN PGP SIGNED MESSAGE-----
On 07/14/2016 01:38 AM, Jon Tullett wrote:
> On 14 July 2016 at 08:37, Mirimir <mirimir@xxxxxxxxxx> wrote:
>> On 07/14/2016 12:23 AM, Jon Tullett wrote:
>>> Having pwned the server, a malware component is then injected
>>> to visiting computers. Ie: when the criminal visits the
>>> infected site, his PC is infected (over that encrypted, secure,
>>> etc) connection. Now infected, his PC will be under the control
>>> of the FBI, and the investigation will proceed from there. As
>>> soon as it's connected to the regular internet, that connection
>>> will be traced, but that connection is not necessary - data on
>>> the PC can be exfiltrated by the feds over Tor and used to
>>> identify the user.
>> Tor Project ought to inform users about this risk, and recommend
>> countermeasures. It's not like this is new. I see nothing at
> I agree - a warning of the dangers of visiting infected onion
> sites could be useful (even though the problem is not specifically
> a Tor one). There's the risk of feature creep - security is a big
> space and it isn't really Tor's job to educate people on every risk
> online. Perhaps a clarification that just as TBB is not all you
> need to maintain privacy, it's also not all you need to stay
> secure, with a pointer to some external tips?
There is an aspect of visiting hostile onion sites that's especially
problematic: forcing direct clearnet connections that reveal users'
ISP-assigned IP addresses. It's irresponsible to continue recommending
only vulnerable setups, especially Tor browser in Windows.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to