[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How secure is check.torproject.org?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How secure is check.torproject.org?
From: "Sebastian G. <bastik.tor>" <bastik.tor@xxxxxxxxxxxxxx>
Date: Sun, 17 Nov 2013 22:03:34 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 17 Nov 2013 16:11:33 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=OCwJIYXymbOjGCznriVZDRVsWSNW1hsfqn9MdZOYXJI=; b=aB/8GEnNKu4boZDnNhUSMhvl0g9NPcz7etX8eR5BhyS8m3qjViEu5YtJIUpM29CBKk WXn9vT/wTWT4NW1Q2mz42vA7fH5pS+Ygv22TqJ/duFvWdfIj/crEGYchRW3Cv3FSrtZU 1/YeVZG4Qtb84xBPVVpPpE/vf708FgIJflW2Znf/vmdWUTjMtzBYfmXvOWmh20JRb6hZ wd0bVBMPEuKLY2EtAuolap4BXreA9dhyCUSw/lm+9aC2R/1xb4NvUYq//SN9/ew0yiYE ZQij10yky9OAp4bFFF4/HxNgXyB1afl+gKhCbP+WIwxgtV93IOi5t4BMPXl7kIgj6h+i 1sJQ==
In-reply-to: <c5a65f910fa136af35133a362edda816@xxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <c5a65f910fa136af35133a362edda816@xxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

17.11.2013 20:29, author@xxxxxxxxxxxxxxxxxxxxxxxx:
> If I were going to perform a de-anonymization attack on Tor users en
> masse, I would take advantage of the fact that TorBrowser and Tails
> Linux* both load a page with client-side scripting enabled upon startup.
> How secure is this single point of failure?
> 

It's about check.torproject.org

Without answering any of your questions let me tell you that with the
upcoming release of TBB 3.X, which should be in beta right now, the
browser will no longer visit check.torproject.org

The reason is that it is a single point of soemthing*

*failure for sure, maybe trust as well.

Regards,
Sebastian G. (aka bastik_tor)

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How secure is check.torproject.org?
  - From: Roger Dingledine

References:
- [tor-talk] How secure is check.torproject.org?
  - From: author

Prev by Author: Re: [tor-talk] New to TOR
Next by Author: Re: [tor-talk] Regarding #8244; Including a string not under authority control?
Previous by thread: Re: [tor-talk] How secure is check.torproject.org?
Next by thread: Re: [tor-talk] How secure is check.torproject.org?
Index(es):
- Author
- Thread