Warnings on the download page (was: yet another tor attack)

Robert Hogan robert at roberthogan.net
Thu Mar 8 19:07:22 UTC 2007


On Thursday 08 March 2007 10:30, Roger Dingledine wrote:
> On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote:
> > The Tor download page should have a concice "Things to know before
> > downloading" section that lists a few key points about the most easy
> > ways your identity can be revealed through Tor. Something like
>
> Mike and I just whipped up an early version of this here:
>
> http://tor.eff.org/download.html.en#Warning
>
> (Thanks Mike!)
>
> Let us know if you have any fixes or more issues to list. Eventually
> this should get its own page, with more details, etc, and then we can
> put just a concise summary (ha ha) on the download page. There are so
> many permutations of applications out there...it's depressing sometimes
> how hard it is to secure the whole Internet.
>
> Also, somebody should write up a page with recommendations for
> configurations/etc of common applications that work well with Tor, for
> tasks other than web browsing -- Gaim comes to mind first for AIM + IRC,
> and we can recommend OTR at the same time. What else is a very common
> task by Tor users who need basic documentation? We probably shouldn't
> try to document Torifying mail delivery at this point (other than "use
> web mail") or Skype ("don't bother, stick with web browsing").
>


What would it take for the tor project to host something like 
http://www.showmyip.com/torstatus/ itself?

The section at the end could be made very meaningful - in that the page could 
run the java/javascript/plugin 'exploit'  that displays your IP or issues an 
explicit warning if running an exploit is not possible or a good idea.

The user would be told to fix the problem, refresh and get the next error 
message (if one), and advised not to proceed with their browsing until the 
page gives them a clean bill of health (with the usual disclaimers).

Vidalia would have a button linking to this test page called 'health check'.

Wesley, could you share your code?

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net



More information about the tor-talk mailing list