[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Downloading attachments with Tor - is this secure?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Downloading attachments with Tor - is this secure?
From: Matthew <pumpkin@xxxxxxxxx>
Date: Sat, 19 Jun 2010 15:09:41 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 19 Jun 2010 10:41:42 -0400
In-reply-to: <4C1CC2E3.1070905@xxxxxxx>
References: <4C1B1AE6.9060209@xxxxxxxxx> <4C1B4AD9.9070107@xxxxxxx> <4C1C704A.6020305@xxxxxxxxx> <20100619110450.GB11758@xxxxxxxxxx> <4C1CC2E3.1070905@xxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100411)

Thank you all for this advice - I'm pleased that my question was not sobasic.

I was not using Torbutton. However, I had previously usedwww.decloak.net and it could not get my real IP.

I tried www.decloak.net again and I am still anonymous. The reasons are(even in the absence of Torbutton) because I have no plugins functioning(e.g. Flash is off). Also, no Java (JavaScript is on). Whenwww.decloak.net asks me to download a Word document (although I am usingOpenOffice under Ubuntu so not the "normal" Word) irrespective ofwhether I open the document or save it then open it, www.decloak.netcannot get my IP. When I expand the little icon in OpenOffice Writer(which starts http://) the IP address is that of the Tor exit node (fortesting I am using StrictExitNodes so I know what my Tor IP is).

However, I am going to start using Torbutton.

Thanks again.

Aplin, Justin M wrote:

Yes, if you use Torbutton, the attachment itself will be downloaded
only via Tor.
I believe this is the short answer to your question, though everythingelse Mike said is good to keep in mind as well, especially insituations where paranoia is appropriate.
This is especially dangerous if you are using Yahoo Mail, because even
if you trust the person who sent you the document, your attachment
will be downloaded in plaintext (via http, not https).
Watch out for this. Yahoo's *login* page for webmail and otherservices may be HTTPS, but this reverts to plain HTTP once you'reactually viewing your mail and downloading attachments. A simplesolution for secure webmail at the moment is using Gmail and the newFirefox addon "HTTPS-Everywhere" available fromhttps://www.eff.org/https-everywhere . This addon is *NOT* magic, asit only works with the particular list of websites available on itsoption page, but making sure "Google Services" is checked in it'soptions will allow all Gmail connections (including downloadingattachments) to happen over HTTPS.
~Justin Aplin
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Downloading attachments with Tor - is this secure?
  - From: Matthew
- Re: Downloading attachments with Tor - is this secure?
  - From: Aplin, Justin M
- Re: Downloading attachments with Tor - is this secure?
  - From: Matthew
- Re: Downloading attachments with Tor - is this secure?
  - From: Mike Perry
- Re: Downloading attachments with Tor - is this secure?
  - From: Aplin, Justin M

Prev by Author: Re: Downloading attachments with Tor - is this secure?
Next by Author: Re: Google language turns depending on tor node...
Previous by thread: Re: Downloading attachments with Tor - is this secure?
Next by thread: Rogue exit nodes - checking?
Index(es):
- Author
- Thread