[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] 1PassWord Firefox extension

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] 1PassWord Firefox extension
From: Dave Warren <davew@xxxxxxxxxxxx>
Date: Fri, 28 Aug 2015 22:17:48 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 29 Aug 2015 01:18:20 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple; d=hireahit.com; s=MD-20140321; t=1440825471; x=1441430271; q=dns/txt; h=Message-ID: Date:From:User-Agent:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=0JuFUH4dd c7x7eiCdQj6mOjwjWZeF3o4EFTVIfD3oZk=; b=Vflbyc7UTV7qU5zNiCHCgUx8G wHuF+WrZUqn6L9zYwJ6ro3AsdyqJszEvukhTyG1vPJxcvFTe4B9I+1d6tZREKzrr m81CraCto+SBX6yA4aXAanZaeI0z6OEccvyofiqHZTc649G61ALV+79DDwmUk4k3 /2p0+k8gCEfIkJJy5E=
In-reply-to: <59C7C746-7C63-4E88-9A8F-9E9BB376FCB9@xxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <59C7C746-7C63-4E88-9A8F-9E9BB376FCB9@xxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:25.4) Gecko/20150524 FossaMail/25.1.5

On 2015-08-28 13:55, Graham & Heather Harrison passed on what 1Passwordsupport wrote:

As with most proxy/firewall software that customers add to their computers to increase security, we can tell them to add an exception to the whitelist for localhost (127.0.0.1), but in the case of Tor, I just don't know enough about the internals of how it goes about blocking things it deems potentially harmful to know whether adding an exception for 127.0.0.1 would be considered voiding the protection offered by Tor. The Tor proxy itself is contained on 127.0.0.1, port 9051, so bypassing for localhost might inadvertently induce a whole host of other, non-1Password applications/utilities/helper programs to pass information outside of the Tor channels, potentially exposing your real IP address. I just don't know. In my own testing just now, i can confirm that adding 127.0.0.1 to Tor's Preferences => Advanced => Network Settings does indeed allow the 1Password extension to work...but at what cost to the anonymity afforded by Tor, I have no idea.

This here is why I love 1Password, they're actively understanding theircustomer's desire for the security of Tor over their own needs. It wouldbe trivial for them to simply add 127.0.0.1 (either in the extension, orby documentation) without caring about the implications or impact on theuser.

As an alternative, while it's clunky and annoying to use, you couldconsider using 1Password's "Autotype", which allows the 1Password clientto "type" username and password data into the browser (or otherapplication) without using the clipboard or any extension.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] 1PassWord Firefox extension
  - From: Graham & Heather Harrison

Prev by Author: Re: [tor-talk] Request: Firefox extension/addon checking tutorial
Next by Author: Re: [tor-talk] Privacy Badger
Previous by thread: Re: [tor-talk] 1PassWord Firefox extension
Next by thread: [tor-talk] Privacy Badger
Index(es):
- Author
- Thread