[tor-bugs] #2918 [Tor bundles/installation]: Audit pidgin for leaks and other privacy issues
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Apr 15 08:52:20 UTC 2011
#2918: Audit pidgin for leaks and other privacy issues
--------------------------------------+-------------------------------------
Reporter: ioerror | Owner: ioerror
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by ioerror):
We should specifically focus our audit on proxy compliance issues. timing
information such as time zones, usernames, local host name leakage, etc
Configure each protocol to use Tor as a SOCKS5 proxy and then check:
* Do we only send traffic over the proxy?
* Do we leak DNS?
* If the proxy is unreachable - do we fail closed?
The Pidgin we ship should disable any protocol support for information
leaks - we should not give remote typing indications, etc.
There are some privacy issues that are unavoidable - any plugin (such as
OTR) allows a remote party to illicit a client response will be able to
calculate network latency. Some protocols allow this by default (IRC),
others have this as matter of functionality (OTR) - we have to find those
issues identify them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2918#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list