Thus spake M (moeedsalam@xxxxxxxxx): > If one is running a wordpress blog using TOR, will installing Google > gears in order to speed up the process compromise anonymity in any way? > Will it bypass the proxy settings or anything? Google Gears has not been fully audited for anonymity, so we don't yet know the specific answer to this, but the outlook isn't good. Gears components can store arbitrary data from websites, and the current Gears implementation does NOT obey "private browsing mode" in either Firefox or Chrome to conceal gears data. Gears data is also not cleared when you "clear private data" in either browser. I believe it does use Firefox's network stack, so proxy settings should most likely be obeyed. However, it is possible it can phone home to update its component cache or to ping your gears websites at any time, regardless of your current Tor mode. It is also likely that gears data can be transfered over http as opposed to https, which would mean that any exit node can spoof google gears urls and probe your installation for gears data, which may include authentication information or unique identifiers. Risky business. I would recommend against it unless you're prepared to audit it with wireshark first. If you do, please report back! -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpcxr8yxj2VM.pgp
Description: PGP signature