[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] About TBB downloadings

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] About TBB downloadings
From: Lluís <msl12@xxxxxxxxxxxxxxxx>
Date: Thu, 16 Oct 2014 21:35:48 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 16 Oct 2014 15:36:02 -0400
In-reply-to: <543FE286.2080908@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <543F9C3E.4010803@xxxxxxxxxxxxxxxx> <543FA858.4000708@xxxxxxxxxx> <543FC30C.3010907@xxxxxxxxxxxxxxxx> <543FE286.2080908@xxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.8.1

Very clear. I think I've got it.

God bless good old plain text files !!!

Lluís
Spain

On 10/16/2014 05:21 PM, Naja Melan wrote:
>> By the way, applies the same to the already downloaded pdf docs ?
> 
> yes.
> 
> It applies to everything you download and feed to an application which 
> has internet access and which might connect to the internet based on 
> information within the file or the filename for that matter.
> 
> For a more complete security analysis I think about it like this:
> 
> - If I download a document not over https correctly certified: the 
> server, the last tor node and any routers between that last tor node 
> and the server can inject something in the document
> - If I download a document from a server with correct https: the server 
> (potentially hacked) could try to identify me, on top of any 
> reservations you might have about https
> 
> By all means, that's a lot of leaks if you are concerned about your 
> security, so it is strongly adviced to open documents in Tails or in a 
> VM that has no internet access. On top of that, it could be difficult 
> to verify documents and clean them if you want to store them for later 
> use and distribution, so in that case use a clean tor connection not 
> related to other sensitive internet traffic.
> 
> If you use tor for your everyday browsing as an extra privacy measure, 
> than downloading a random scientific paper and opening it will probably 
> be low risk. Just keep in mind that the last tor node is an extra MITM 
> that makes tor under quite a few circumstances less secure than direct 
> internet connection (since anyone can run one). So if your evince has a 
> buffer overflow bug for example, that's an extra person who could try 
> to exploit it (again unless you use valid https) and this sort of 
> exploit works on any document, regardless of whether the contents are 
> sensitive or not.
> 
> It's up to you to figure out your security needs.
> 
> Naja Melan
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] About TBB downloadings
  - From: Lluís
- Re: [tor-relays] About TBB downloadings
  - From: Andrew Roffey
- Re: [tor-relays] About TBB downloadings
  - From: Lluís
- Re: [tor-relays] About TBB downloadings
  - From: Naja Melan

Prev by Author: [tor-relays] About TBB downloadings
Next by Author: [tor-relays] minimal specifications for a non-exit relay?
Previous by thread: Re: [tor-relays] About TBB downloadings
Next by thread: Re: [tor-relays] About TBB downloadings
Index(es):
- Author
- Thread