-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun 20 Apr 2014 01:18:36 AM CEST, Michael Wolf wrote:
On 4/19/2014 1:48 AM, Gunes Acar wrote:
Sorry everyone for the long pause.
I wrote down a proposal (and some code) to address issues raised by Mike and George: https://securehomes.esat.kuleuven.be/~gacar/summer_2014.pdf
Looking for your comments and critics...
I don't see it mentioned anywhere specifically so I'll ask: Since this is targeting Tor users, shouldn't this be implemented as a hidden service? You'd still have to deal with and filter tor2web users, of course.
Actually, I don't see any reason to hide the service. We'll be keeping the fingerprints along with the TBB versions, so having other visitors shouldn't hurt. Anything I miss?
As a bonus, a hidden service will make obvious which visitors are using non-TBB browsers with Tor, and you can give big scary warnings to these people.
Hopefully, the site will have enough fingerprinting tests to tell TBB users from others :) But, big, scary warnings will be definitely needed!
-- Mike _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTVA2gAAoJEPb7JcMmVt4gKtcH/3AczgvGLNCTVEXuD6CbpKlw 7GPZuLcTnHvqgRYKa8BnjeA+Ui9hnozFa6sdhJuOqos9mD+JA9ugNNjyb647CyFO cGsCbsFaDZ4TTwenXzKWIlfEp4cY0IULvqbxNor5r9eOilKavuQ57fnQZh98yMLP MJ4wF/p1USrk6VMunXoHCotsr+SEtfRyAyoObp4vi9kvQKNQV8+nKGHvOrAjQn9M W0V4SKb+SPZ6h6IRcnPfvQcglZCdcmxne7E8ULl2UV8BCbUTod58MhWA1BoPpZRG qRqJoJQ9X9BS7H7QJ8WFjC6jF03vHz+n2grb+YiVvRHCR9A7j8fRFzHo84VKGy0= =39v/ -----END PGP SIGNATURE-----