[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] any issue with TBB extensions auto updating?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] any issue with TBB extensions auto updating?
From: tagnaq <tagnaq@xxxxxxxxx>
Date: Mon, 14 May 2012 22:34:17 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 14 May 2012 16:38:28 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=CQ/egM6WMObZQVszxN0ddTPiBSgBnAzJfHcdYIysdAo=; b=gkOEZXHWintYjX0J2vGZ2Zda5F+GV1w7k9gdEooTjpzDLBnXvLh5nDcnUAR+zrGIcT SeG51Avb0rijI8sISFMAR9QPTR3WFEHSyFKPqMFRH18B0YAw6YCxiS3cICOtElqVE8ND aQzTsEoz65Edy12vYtTXQMiGgc2V6w+8PEhYT+iPz+zqqtVGKoyD2kmZ/bWZ/b5wFp/m eXDicCfpTb+Lw9R+5pJ9+rTy47VIlKEMc29hbS1pINoUxRUIe1bBh82CWGZLCQdEu3e5 imXYucE0UMqpjKb8dqLv/dcdPurPhzyZPDVTGlshTR60YPxhVDS6GTxwOcZCYkDy37rC TbDg==
In-reply-to: <4FB14037.2030501@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4FB14037.2030501@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> Is there any anonymity / fingerprinting issue(s) w/ extension
> shipped w/ TBB auto updating during a Tor session?
> 
> Default setting in TBB in Addons > Extension under drop box,
> "Update Add-ons Automatically" is checked.
> 
> Do No Script, HTTPS Everywhere, TorButton automatically update when
> the default update selection above is checked & does that pose any
> anonymity / fingerprinting issues?

You might be interested in this discussion:
https://lists.torproject.org/pipermail/tor-talk/2011-June/020755.html
https://lists.torproject.org/pipermail/tor-talk/2011-July/020784.html

short version: the exit sees what you are updating (http request) but
can't modify it without being detected.

regarding the prevention of SSL MITM (compromised CAs and the such)
during the update process, you might want to have a look at:
https://trac.torproject.org/projects/tor/ticket/3555

the future of key pinning via HTTP headers
http://tools.ietf.org/rfcmarkup?doc=draft-ietf-websec-key-pinning-01
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk+xbEkACgkQyM26BSNOM7aJ3AEAnWiVA4+And1x/ThB07dH/p6M
Y8KBT51eNVCFKg8GCsgA/AjaTuAsE2tuGhky25py9KCZtqAQsIbKdXQsjAE9U9iD
=dlXp
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] any issue with TBB extensions auto updating?
  - From: Joe Btfsplk

Prev by Author: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Next by Author: Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Previous by thread: Re: [tor-talk] any issue with TBB extensions auto updating?
Next by thread: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
Index(es):
- Author
- Thread