[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] using themes in Aurora

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] using themes in Aurora
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Mon, 17 Oct 2011 10:49:37 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 17 Oct 2011 11:50:29 -0400
In-reply-to: <22c7533e-0f41-4977-a090-7a1c43efcf1e@zimbra>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <22c7533e-0f41-4977-a090-7a1c43efcf1e@zimbra>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

On 10/17/2011 3:20 AM, Marco Bonetti wrote:

----- Original Message -----

On Friday, October 14, 2011 12:49:32 Joe Btfsplk wrote:

No one's EVER looked into Tor security issues of using themes (from
Mozilla addons site) or Firefox GUI enhancement addons, like Tab
Mix Plus?

You could be the first!

My first step would be to see what information is sent back to
mozilla's getpersonas.com site by the theme.

I took a look at personas back in 2009: when it was still in an early experimental stage and it was distributed as an extension, I was able to register a cookie exchange with your browser and personas server. The exchanged cookie contained the IP address of the browser as seen by the server.
I noted it in my 2009 e-privacy talk: http://sid77.slackware.it/tor/TorWeb20.pdf (Italian only, sorry).
However, since personas get stable and became an official feature of Firefox I wasn't able to record that cookie again, so I didn't mention it in the next events.

Thanks for info. I don't speak / read Italian, but not sure the talk (&part concerning cookies) would answer my question.

FIRST:   My OP was about * Themes, * not personas.

2nd: One doesn't have to accept cookies from MAO site to d/l or installthemes - so cookies aren't really the main issue / question.

The security issue about themes & TBB would be (some ?) themes alteringsome function(s) of Aurora that would interfere w/ normal Tor / Aurorasettings or functions, compromising anonymity. I doubt that is thecase, but have nothing to prove it.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] using themes in Aurora
  - From: Marco Bonetti

Prev by Author: Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)
Next by Author: Re: [tor-talk] Anybody else having problems with Hushmail via Tor?
Previous by thread: Re: [tor-talk] using themes in Aurora
Next by thread: [tor-talk] TBB as user debian-tor
Index(es):
- Author
- Thread