[tor-bugs] #9195 [Tor bundles/installation]: Bad default setting in Tor Browser Bundle poses a severe privacy risk.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 2 22:15:16 UTC 2013


#9195: Bad default setting in Tor Browser Bundle poses a severe privacy risk.
---------------------------------------+------------------------------------
 Reporter:  cypherpunks                |          Owner:  erinn
     Type:  defect                     |         Status:  new  
 Priority:  critical                   |      Milestone:       
Component:  Tor bundles/installation   |        Version:       
 Keywords:  tbb-pref, MikePerry201307  |         Parent:       
   Points:                             |   Actualpoints:       
---------------------------------------+------------------------------------
Changes (by mikeperry):

  * keywords:  Tor Browser Bundle => tbb-pref, MikePerry201307
  * priority:  major => critical


Comment:

 Thank you for the detailed explanation. I didn't realize that AV systems
 had moved into the cloud for verifying stuff like this.

 Also, seems incredibly invasive way for them to do it, too.. Why didn't
 they just use a bloom filter or similar mechanism to query for and
 download hash lists before resorting to such a submission (like how
 Google's safebrowsing lists work)?

 Are they purposefully doing it wrong to collect/mine/sell user data, I
 wonder? Someone should probably also contact a few tech reporters about
 this (if they haven't already reported on it). There is no technical
 reason for these AV systems to work this way.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9195#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list