[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Building tracking system to nab Tor pedophiles



Thus spake Freemor (freemor@xxxxxxxx):

> I think what needs to be done here is to create a FAQ or other standard
> document that will 1.) inform the vastly misinformed public. 2.) list
> places and ways they can make a difference.

Excellent post, even if slight off-topic. As suggested on IRC, I think
the Tor documentation strategy needs to be rethought. Most people
barely read the download page, let alone the reems of FAQ questions.

We've had two "attacks" now on Tor that rely on unmasking users who
use Tor incorrectly. One of them actually published a paper and had
decent results at unmasking this way (mostly Asian users who probably
can't read our english mailinglist or english FAQ), and the media
still doesn't seem to understand that these attacks are well
documented.

The Tor download page should have a concice "Things to know before
downloading" section that lists a few key points about the most easy
ways your identity can be revealed through Tor. Something like
 
Things to know before you download Tor:
 - Browser plugins can be made to reveal your IP. 
 - This includes Flash, Java, ActiveX and others. 
   - It is recommended that you use FireFox and install the extensions 
     NoScript, QuickJava, and FlashBlock to control this behavior if
     you must have these plugins installed for non-Tor usage.
 - Make sure your browser settings have a proxy listed for ALL
   protocols (including Gopher and FTP).
 - For further details, please consult the Tor FAQ.

Maybe this will stop the same attack from hitting the blogosphere
every 2 months. Even better, maybe it will stop that attack from
actually working..

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs