Torbutton Documentation - Adversary Capabilities.

Matthew pumpkin at cotse.net
Mon Jul 12 22:47:01 UTC 2010


  Hello,

I have been reading the Torbutton documentation (thanks, guys) and have a 
question about the adversary capabilities.

The first adversary capability is "inserting javascript".  The document 
says that "If not properly disabled, Javascript event handlers and timers 
can cause the browser to perform network activity after Tor has been 
disabled, thus allowing the adversary to correlate Tor and Non-Tor activity 
and reveal a user's non-Tor IP address."

The third adversary capability is "inserting CSS".  The document says that 
"CSS can also be used to correlate Tor and Non-Tor activity and reveal a 
user's Non-Tor IP address, via the usage of CSS popups - essentially 
CSS-based event handlers that fetch content via CSS's onmouseover 
attribute. If these popups are allowed to perform network activity in a 
different Tor state than they were loaded in, they can easily correlate Tor 
and Non-Tor activity and reveal a user's IP address."

I understand that Torbutton is useful for protecting privacy in multiple 
ways.  But I would like to address this specific issue if I may.

Let us imagine that a user surfs the net using Tor (and Polipo or 
Privoxy).  He has JavaScript installed and uses it for all sites.  He 
finishes his activities and then closes his browser.  He then wipes the 
following files and directories (I am using Ubuntu as my example):

/.mozilla/firefox/nameofuser/cookies.sqlite
/.mozilla/firefox/nameofuser/downloads.sqlite
/.mozilla/firefox/nameofuser/cookies.sqlite-journal
/.mozilla/firefox/nameofuser/places.sqlite
/.mozilla/firefox/nameofuser/places.sqlite-journal
/.mozilla/firefox/nameofuser/formhistory.sqlite

/.mozilla/firefox/nameofuser/Cache/

Now I assume that these Javascript events and handlers and the CSS handlers 
were downloaded into the Cache from when the user was browsing using Tor.  
They would then be deleted as detailed above. Therefore, when the user 
loads up Firefox and turns off the Tor proxy settings, presumably the 
potential for JavaScript or CSS to connect Tor and non-Tor activity and get 
the users real (non-Tor) IP address is no longer a concern?

Is this correct?  Or am I missing something?  Just to re-state: I am only 
looking at this one issue - I am well aware of how useful Tor button is in 
other areas!

Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100712/b9d5f005/attachment.htm>


More information about the tor-talk mailing list