[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] How secure is check.torproject.org?

To: <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] How secure is check.torproject.org?
From: author@xxxxxxxxxxxxxxxxxxxxxxxx
Date: Sun, 17 Nov 2013 15:29:12 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 17 Nov 2013 14:41:12 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/0.8.5

If I were going to perform a de-anonymization attack on Tor users enmasse, I would take advantage of the fact that TorBrowser and TailsLinux* both load a page with client-side scripting enabled upon startup.How secure is this single point of failure?

I'm also curious if it would be possible to add command-line optionsfor disabling scripts globally via NoScript at startup to Ice Weasel andTor Browser, so a user could start from the command line using somethinglike:

/usr/bin/iceweasel -noscripts

I realize that TorButton provides some protections, but I'd like to doeven better.

*: The current default page for Ice Weasel in Tails istails.boum.org/news/, but I believe I saw some talk in the Tails mailinglist about possibly changing it to blend in better with TorBrowserusers.


Regards,
Kristov
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How secure is check.torproject.org?
  - From: intrigeri
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Sebastian G. <bastik.tor>

Prev by Author: Re: [tor-talk] Change to check.torproject.org
Next by Author: Re: [tor-talk] US Senate Virtual Currency Hearing Summary
Previous by thread: Re: [tor-talk] New to TOR
Next by thread: Re: [tor-talk] How secure is check.torproject.org?
Index(es):
- Author
- Thread