
Re: [tor-talk] What good is using Facebook through https://facebookcorewwwi.onion/ ?



Paul: correct me if I'm wrong, but doesn't Facebook's key-pinning for CA
Cert, and then DNSSEC for records, solve these concerns?

-V

On Sat, 19 Sep 2015 at 22:42 Paul Syverson <paul.syverson@xxxxxxxxxxxx>
wrote:

> You are also not vulnerable to any DNS hijack since address lookup
> does not use the DNS system. Likewise BGP hijacks are diminished in
> value. But perhaps more important than either of these, any CA hijack
> or shenanigans are greatly diminished in usefulness. You might want to
> look at a short position paper we have that discusses this:
> "Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication"
> pdf of paper and
> slides available at http://ieee-security.org/TC/SPW2015/W2SP/
>
> We also have a revised and expanded paper reflecting subsequent
> developments in the works.
>
> aloha,
> Paul
>
> On Sat, Sep 19, 2015 at 09:33:51AM +0000, Virgil Griffith wrote:
> > The usual example given for this is, "if you don't want to share your
> > amount of Facebook use with your ISP or the NSA, Facebook supports you
> > doing that."
> > On Sat, 19 Sep 2015 at 17:19 Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > > On Sat, Sep 19, 2015 at 09:19:12AM +0300, Qaz wrote:
> > > > > What good does https://facebookcorewwwi.onion/ bring? I think there are
> > > > > but not much and not that far away from the benefits one can have
> > > > logging in via mainstream browsers such as Firefox and Chrome.
> > >
> > > Perhaps you're on a secret mission somewhere and want to log into
> > > Facebook, without letting even Facebook know where you are.
> > >
> > > Perhaps you can't access Facebook from where you are, but can access
> > > Tor.
> > >
> > > Perhaps neither applies to you, but you just want to make sure those
> > > people to whom it does apply don't stand out.
> > >
> > > Perhaps you think all Internet traffic should use onion routing.
> > >
> > > Perhaps there's another reason for using it that you don't want to
> > > > share, which should be fine: one shouldn't generally have to explain why
> > > > one uses Tor.
> > >
> > > Martijn.
> > > --
> > > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe or change other settings go to
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > >