[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Implement JSONP interface for check.torproject.org

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Implement JSONP interface for check.torproject.org
From: Collin Anderson <collin@xxxxxxxxxxxxxxxxxx>
Date: Sun, 6 Nov 2011 21:36:15 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 06 Nov 2011 21:36:33 -0500
In-reply-to: <201111062113.27771.andrew@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4EB5E251.1020909@xxxxxxxxxx> <4EB6818F.4050201@xxxxxxxxxxxxxxxxxx> <4EB6AF08.6020007@xxxxxxxxxxxxxxx> <201111062113.27771.andrew@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Tor would not be validating the nature or security of the hosted site, rather the JSON would be confirming attributes of the visitor. I cannot imagine many scenarios where a malicious party stands to benefit from forging these credentials -- or for that matter a manner where they could not fake a confirmation themselves without using the API.

On Sun, Nov 6, 2011 at 9:13 PM, Andrew Lewman <andrew@xxxxxxxxxxxxxx> wrote:

On Sunday, November 06, 2011 11:00:08 Fabio Pietrosanti (naif) wrote:
> Let's support that AccessNow https://www.accessnow.org/ would like to
> implement the privacybadge web widget, they have several options:

A word of caution about privacy badges, learning the history of TRUSTe is
relevant, https://secure.wikimedia.org/wikipedia/en/wiki/TRUSTe#History.

Research shows that sites with the TRUSTe seal are the least likely to honor
what you think of as privacy, http://www.benedelman.org/news/092506-1.html.

--
Andrew
pgp 0x74ED336B

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--
Collin David Anderson

averysmallbird.com | @cda | Washington, D.C.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Implement JSONP interface for check.torproject.org
  - From: Arturo Filastò
- Re: [tor-talk] Implement JSONP interface for check.torproject.org
  - From: tor
- Re: [tor-talk] Implement JSONP interface for check.torproject.org
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Implement JSONP interface for check.torproject.org
  - From: Andrew Lewman

Prev by Author: Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling
Next by Author: Re: [tor-talk] What happen if one create 2000 exit nodes for 6 hours?
Previous by thread: Re: [tor-talk] Implement JSONP interface for check.torproject.org
Next by thread: Re: [tor-talk] Implement JSONP interface for check.torproject.org
Index(es):
- Author
- Thread