[tor-bugs] #2634 [Tor bundles/installation]: unable to use windows update functionality with tor enabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 6 06:39:56 UTC 2013


#2634: unable to use windows update functionality with tor enabled
-----------------------------------------+----------------------------------
    Reporter:  marshall_banana           |       Owner:  erinn           
        Type:  defect                    |      Status:  closed          
    Priority:  normal                    |   Milestone:  Tor: unspecified
   Component:  Tor bundles/installation  |     Version:  Vidalia 0.2.10  
  Resolution:  wontfix                   |    Keywords:                  
      Parent:                            |      Points:                  
Actualpoints:                            |  
-----------------------------------------+----------------------------------

Comment(by badon):

 Replying to [comment:1 rransom]:
 > Internet Explorer is not safe to use with Tor.  Use Firefox with
 Torbutton instead.

 I registered just to comment on this. Actually, nothing is safe to use
 with Tor. To deter advanced users from using anything other than Firefox
 with Torbutton (replaced by the Tor Browser Bundle) is ignorant of use
 cases that can benefit from Tor that don't involve mundane web browsing.
 For example, if a whistleblower needed to hide his location, but still use
 a computer + LAN to continue his work, Tor Browser Bundle would not be
 adequate, and his location would be quickly targeted by a drone missile as
 soon as he tries to run Windows Update.

 The most common use case is anonymity, which the Tor Browser Bundle tries
 to server, and the Tor Project discourages novices from trying to do
 anything else with Tor. But, for people with other use cases, and arguably
 more important ones like the aforementioned whistleblower, there is a way
 to make Tor reasonably safe for the minimum of hiding a location. I wrote
 an article titled "10 steps to make Tor safer with pfSense", here:

 https://www.livebusinesschat.com/smf/index.php?topic=5410.0

 Essentially, the only thing that setup attempts to do is block anything
 that's not going through a Tor bridge. Using a bridge conceals Tor usage,
 which will make it harder for an adversary to narrow down someone's
 location just by looking for Tor users. From there, anything that needs to
 be used will fail safe instead of fail deadly. Instead of Windows Update
 luring the bad guys to your base on the moon, it simply won't work until
 it is configured correctly.

 I just did a startpage.com search for the follow:

 "windows update" tor

 ...and it brought me here in the first 2 results. Clearly, there is need
 for more than just basic anonymity when web browsing, especially for a
 person who is not anonymous, and possibly already vulnerable to being
 targeted. Simply because there's some web browser that's better than some
 other web browser is not a legitimate reason to close this bug as wontfix
 - that's not the issue here! Although this may not be a problem the Tor
 Project can solve via a bug report on Tor, but certainly it is solvable,
 and shouldn't be dismissed so abruptly.

 I'm looking for a solution myself, and I'm surprised at how difficult this
 is. Not even Proxifier can reroute Windows Update traffic through a proxy,
 but lucky for me, pfSense blocked it from revealing my location. Dare I
 say that Windows Update is DESIGNED to be a tool for locating people?
 marshall_banana, if you can discuss this issue elsewhere away from the Tor
 bug tracking system, let's do.

 Note: pfSense blocks Tor Browser Bundle's DNS leak bug, which could have
 been catastrophic for some people. pfSense might be something that ought
 to be recommended together with TBB, if you want TBB to be safe, or at
 least safer.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2634#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list