[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Building tracking system to nab Tor pedophiles

On Wednesday, March 07, 2007, at 07:42AM, "Roger Dingledine" <arma@xxxxxxx> wrote:
>On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote:
>> > http://blogs.zdnet.com/security/?p=114
>> The approaches suggested won't work if you use Firefox with NoScript set 
>> to disable JavaScript, Java, Flash and any other plugins.
>You still have to be careful though -- if you enable them for some
>domains that you trust (say, foo.com), then you can still get nailed
>when you visit foo.com from an evil exit node, it inserts some malicious
>applets, and your noscript says "well yeah, but the user typed in foo.com,
>therefore this applet is from foo.com, so I trust it".
>So the moral of the story appears to be turn the plugins off, period.
>The broader moral is: don't run code from strangers on your computer. The
>even broader moral would be to lament that we're still not using SSL on
>most Internet interactions. And maybe the fourth is that we (somebody
>here) should work on easy instructions for locking down common OS network
>interfaces so only Tor communications can get through. Or Tor LiveCDs
>that have that already done. Or VM images that can be run as routers
>between your computer and the Internet.

Actually the moral of the story would be to surf using Lynx w/SSL from a Linux or BSD Tor enabled LiveCD.  Unfortunately you won't see any pictures or movies so that will eliminate most users who use Tor for "private" surfing.  ;-)

Or you could get REALLY secure and just unplug the computers from the net and go outside for some fresh air and get a life!