Some Bones to Pick with Tor Admins

Ted Smith teddks at gmail.com
Wed Feb 11 03:51:15 UTC 2009


On Tue, 2009-02-10 at 22:26 -0500, Nick Mathewson wrote:
> On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote:
> > On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > > 
> > > It absolutely would. Here are some things TorButton defends against that
> > > wouldn't be covered in your scenario:
> > > 
> > > 1. Unauthenticated Updates
> > > 2. CSS Tracking (I think it does anyways)
> > > 3. Flash and auto-opening of files
> > > 4. Browser referral and user-agent tracking
> > > 
> > > Ringo
> > > 
> > To be fair, though, 1, 3, and 4 could be configured away in default
> > Firefox. Updates can be disabled, Flash can be removed, files can be set
> > to "ask", referrals can be disabled, and UA can be modified in Firefox
> > or in Privoxy.
> 
> As Martin notes, privoxy won't modify your SSL connections for you.
> 
> Torbutton protects against many other attacks that regular Firefox
> configuration can't protect you against, too.  See the Torbutton
> design document at https://www.torproject.org/torbutton/design/ for a
> more full list.
> 
The only things I see in the "Adversary Attacks" section that could be
an issue are fingerprinting attacks, and of course exploitation. What am
I missing? And is there any way to get the benefits of Torbutton without
any of the state-saving aspects? Like the previous poster, I have a
separated Firefox profile I use for Tor, so separation of Tor and
non-Tor state isn't an issue for me.

What would it take to split off the filtering/hardening aspects of
Torbutton from the state-watching part, and just have an independent
anonymity-enhancing addon? I'd rather not trust one piece of software
with all of my anonymity, so I want to keep my system separated the
old-fashioned way, with plugins/cache/history/cookies/javascript that
could be used against me. This way, even if Torbutton fails, I still
have a modicum of safety against some attacks.

My configuration passes the decloak engine test with flying colors,
though I understand that's nowhere near comprehensive... ;)
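As an added example (not code from the thread or from the Tor project): a small script that audits a dedicated Tor Firefox profile's prefs.js for the settings Ted lists as configurable in plain Firefox, namely update checks, the Referer header, download prompting and the user-agent override. The pref names are assumed to be the Firefox 3-era about:config keys, and the sample prefs.js is constructed; Flash removal and anything Privoxy would have to do on the SSL side are out of scope here.

```javascript
// Hardening settings from the thread, with the value a Tor-only profile should have.
// Pref names are an assumption (Firefox 3-era about:config keys); check them in your version.
const REQUIRED = {
  "app.update.enabled": false,              // no unauthenticated auto-updates
  "extensions.update.enabled": false,       // same for add-on updates
  "network.http.sendRefererHeader": 0,      // 0 = never send Referer
  "browser.download.useDownloadDir": false, // ask where to save instead of auto-handling files
};
const UA_PREF = "general.useragent.override"; // replaces the real user-agent string

// Parse lines of the form: user_pref("name", value);  value is a string, number or boolean.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$/;
  for (const line of text.split("\n")) {
    const m = re.exec(line);
    if (!m) continue;
    try { prefs[m[1]] = JSON.parse(m[2]); } catch { prefs[m[1]] = m[2]; }
  }
  return prefs;
}

// Return one finding per pref that is missing (so the browser default applies) or weak.
function auditPrefs(prefs) {
  const findings = [];
  for (const [name, want] of Object.entries(REQUIRED)) {
    if (!(name in prefs)) findings.push(`${name}: missing (default applies)`);
    else if (prefs[name] !== want)
      findings.push(`${name}: is ${JSON.stringify(prefs[name])}, want ${JSON.stringify(want)}`);
  }
  if (typeof prefs[UA_PREF] !== "string" || prefs[UA_PREF].length === 0)
    findings.push(`${UA_PREF}: not set, real user-agent is sent`);
  return findings;
}

// Constructed sample prefs.js: updates off, UA overridden, but Referer still sent (2 = always)
// and the add-on update pref left at its default.
const SAMPLE_PREFS = `
user_pref("app.update.enabled", false);
user_pref("network.http.sendRefererHeader", 2);
user_pref("general.useragent.override", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6");
user_pref("browser.download.useDownloadDir", false);
`;

for (const f of auditPrefs(parsePrefs(SAMPLE_PREFS))) console.log("WEAK:", f);
```

Run it against the real prefs.js in the Tor-only profile directory to see which of the thread's settings the profile still leaves at the Firefox default.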