In the web page here:
https://www.torproject.org/download/download.html.en#warning
advises us not to "... open documents downloaded through Tor while online"
Many technical manuals and scientific papers are written in pdf format, and I usually read them.
So my question is:
Is it safe to download them with TBB first and then open them with, say, "Document Viewer" ?
Where can I find more information about it ?
Lluís, Spain
Lluís wrote:
The reason for this is that offline applications can leak information outside of Tor. If the file downloaded contained an identifier unique to your Tor connection, and an application outside of that Tor connection leaked the identifier, then it would breach anonymity.
For example, if you downloaded a HTML page as a file and an image contained a unique ID this could occur.
To answer your question (or not really):
I'm not sure whether Evince (I'm assuming this is what you're referring to) leaks information, e.g. downloading of external resources.
By the way, Tails solves this problem by forcing all applications to go through Tor.
Yes, I meant Evince Document Viewer.
And about the built-in pdf reader, that vitually solves the issue.
If a suggestion might be accepted, a description, or a mention, to the built-in reader in the TBB welcome page, might be useful to newbies.
By the way, applies the same to the already downloaded pdf docs ?
Lluís Spain
On 10/16/2014 01:13 PM, Andrew Roffey wrote:
By the way, applies the same to the already downloaded pdf docs ?
yes.
It applies to everything you download and feed to an application which has internet access and which might connect to the internet based on information within the file or the filename for that matter.
For a more complete security analysis I think about it like this:
- If I download a document not over https correctly certified: the server, the last tor node and any routers between that last tor node and the server can inject something in the document - If I download a document from a server with correct https: the server (potentially hacked) could try to identify me, on top of any reservations you might have about https
By all means, that's a lot of leaks if you are concerned about your security, so it is strongly adviced to open documents in Tails or in a VM that has no internet access. On top of that, it could be difficult to verify documents and clean them if you want to store them for later use and distribution, so in that case use a clean tor connection not related to other sensitive internet traffic.
If you use tor for your everyday browsing as an extra privacy measure, than downloading a random scientific paper and opening it will probably be low risk. Just keep in mind that the last tor node is an extra MITM that makes tor under quite a few circumstances less secure than direct internet connection (since anyone can run one). So if your evince has a buffer overflow bug for example, that's an extra person who could try to exploit it (again unless you use valid https) and this sort of exploit works on any document, regardless of whether the contents are sensitive or not.
It's up to you to figure out your security needs.
Naja Melan
Lluís wrote:
Also, if you use the in-built PDF reader in Tor Browser then you should be safe. But not all PDF downloads use the correct PDF MIME type, which is why your browser might want to download it and show that particular error.
On 10/16/2014 04:21 AM, Lluís wrote:
You can also use the Whonix VMs. There are two Debian VMs in VirtualBox. One serves as a Tor gateway (with multiple app-specific SocksPorts, not just TransPort). The workspace VM can only reach the Internet via Tor, so nothing can leak. If the gateway VM is down or broken, the workspace VM has no Internet access.
The Whonix wiki has tons of information about all of these issues.
tor-relays@lists.torproject.org
-
Andrew Roffey -
Lluís -
Mirimir -
Naja Melan