[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR Browser safety practices

To: "tor-talk" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] TOR Browser safety practices
From: npdflr <npdflr@xxxxxxxx>
Date: Sat, 20 Jul 2019 19:07:09 -0700
Arc-authentication-results: i=1; mx.zoho.com; dkim=pass header.i=zoho.com; spf=pass smtp.mailfrom=npdflr@xxxxxxxx; dmarc=pass header.from=<npdflr@xxxxxxxx> header.from=<npdflr@xxxxxxxx>
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1563674831; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=5C8TkKfgl5P+1wHoABGkjJgmML/4ZxnPvmD2liWKXwc=; b=STUxg6aoz3gY1O/4seSDyXpx+HlIyuKS3fcytuX7eVPl5bJqfgvYa8bW6ZSm1Xv5jkxFLipBhRoOmIhTA0U4EsqWutdW2uVHqLoDLyHo4vUzrqNNk+LyGIDkJjGYGMA2QhOf9z0hlKKfWAaFZu/K/eeZ8wDIMlwaNsmfpnDsP1g=
Arc-seal: i=1; a=rsa-sha256; t=1563674831; cv=none; d=zoho.com; s=zohoarc; b=Z2nGI1Grm9pbRmfzCg0qyZF4tx76uaLJ9UQj+UxRgpfTR668C5+Q5jXPmgcOf20/qaztN7L2yoXsz5Im0/RwlR1eS34+DSEo6mQMFEKL/8Jy0vPQAaePz0PtChfYY/eQzPnVw2tm2LanLHMCNjNKO1CfXYrQd0Pu96zioNa5OuA=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 20 Jul 2019 22:07:43 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1563674831; s=zm2019; d=zoho.com; i=npdflr@xxxxxxxx; h=Date:From:To:Message-ID:In-Reply-To:References:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; l=654; bh=5C8TkKfgl5P+1wHoABGkjJgmML/4ZxnPvmD2liWKXwc=; b=GhAv3Y8E996NjHe6mman8sccyrUqF8IH2u69t8tSIjGzjQ14wIbOcKGLLEcIXUqi GrfCTYa0H3IHR4gl7xzyyXzEqAHQ2yj0jGqWSbvDLVFfdS7o5vC2vs8MwIeXvhd3MaK /ncdQ4BhNwu/A4aXBmOm3AUqVz+ZufLa6pI6DB8U=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=date:from:to:message-id:in-reply-to:references:subject:mime-version:content-type:user-agent; b=bsclzS1sqhlhcD+8BkLULDnb5xoBJeHMFT83ZjBC8VjPIK0HS8kzw3WHMlthoHW4JFaRhVLSt0go BS25YrVLwViPwzry7pXIfUU7iNiqovWu8qZCrfHXQAPaZr7z9vSB
In-reply-to: <16af29e4be9.d6476bc613939.7445152316028954815@zoho.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <16aea754e6a.dbc2505b2107.3159756545535490058@zoho.com> <20190524214819.1d6b7130@lolcat> <16af29e4be9.d6476bc613939.7445152316028954815@zoho.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Zoho Mail

Tor browser already contains a NoScript addon allowing user to prevent certain scripts from running.

What is the worst case that could happen if a malicious script (Javascript, XHR, other) or a malicious cookie runs?
Apart from username, password which could be stolen, can other data be stolen/corrupted? Data like:-
1. Bookmarks
2. Browser storage: IndexedDB, DOM Storage
3. Files in TOR download folder
4. Data in the hard disk apart from the folders used by TOR. 
(Tor by design does not write any browsing activity like history, session etc to disk. So I think data in other parts of hard disk should be safe.)
5. Current data held in RAM

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] TOR Browser safety practices
  - From: Notopygos

Prev by Author: Re: [tor-talk] suggestion/fix for the signing keys
Next by Author: Re: [tor-talk] stay clear from exit "BSDNow2016"
Previous by thread: [tor-talk] Tor Node Randomization Choice
Next by thread: Re: [tor-talk] TOR Browser safety practices
Index(es):
- Author
- Thread