[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9195 [Tor bundles/installation]: Bad default setting in Tor Browser Bundle poses a severe privacy risk.

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #9195 [Tor bundles/installation]: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 02 Jul 2013 22:15:16 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 02 Jul 2013 18:15:28 -0400
In-reply-to: <051.02df32f5c95d9af394a07fee88bb733a@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.02df32f5c95d9af394a07fee88bb733a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9195: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
---------------------------------------+------------------------------------
 Reporter:  cypherpunks                |          Owner:  erinn
     Type:  defect                     |         Status:  new  
 Priority:  critical                   |      Milestone:       
Component:  Tor bundles/installation   |        Version:       
 Keywords:  tbb-pref, MikePerry201307  |         Parent:       
   Points:                             |   Actualpoints:       
---------------------------------------+------------------------------------
Changes (by mikeperry):

  * keywords:  Tor Browser Bundle => tbb-pref, MikePerry201307
  * priority:  major => critical


Comment:

 Thank you for the detailed explanation. I didn't realize that AV systems
 had moved into the cloud for verifying stuff like this.

 Also, seems incredibly invasive way for them to do it, too.. Why didn't
 they just use a bloom filter or similar mechanism to query for and
 download hash lists before resorting to such a submission (like how
 Google's safebrowsing lists work)?

 Are they purposefully doing it wrong to collect/mine/sell user data, I
 wonder? Someone should probably also contact a few tech reporters about
 this (if they haven't already reported on it). There is no technical
 reason for these AV systems to work this way.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9195#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #9195 [Tor bundles/installation]: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9168 [Tor]: GSOC seccomp stage 1
Next by Author: Re: [tor-bugs] #8674 [EFF-HTTPS Everywhere]: Installing HTTPS Everywhere + security.mixed_content.block_active_content breaks Youtube.com
Previous by thread: Re: [tor-bugs] #9195 [Tor bundles/installation]: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
Next by thread: Re: [tor-bugs] #9195 [Tor bundles/installation]: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
Index(es):
- Author
- Thread