Downloading attachments with Tor - is this secure?

Scott Bennett bennett at cs.niu.edu
Tue Jun 22 07:49:15 UTC 2010


     On Sat, 19 Jun 2010 09:15:15 -0400 "Aplin, Justin M" <jmaplin at ufl.edu>
wrote:
>> Yes, if you use Torbutton, the attachment itself will be downloaded
>> only via Tor.
>>    
>
>I believe this is the short answer to your question, though everything 
>else Mike said is good to keep in mind as well, especially in situations 
>where paranoia is appropriate.
>
>> This is especially dangerous if you are using Yahoo Mail, because even
>> if you trust the person who sent you the document, your attachment
>> will be downloaded in plaintext (via http, not https).
>>    
>
>Watch out for this. Yahoo's *login* page for webmail and other services 
>may be HTTPS, but this reverts to plain HTTP once you're actually 
>viewing your mail and downloading attachments. A simple solution for 
>secure webmail at the moment is using Gmail and the new Firefox addon 
>"HTTPS-Everywhere" available from https://www.eff.org/https-everywhere . 
>This addon is *NOT* magic, as it only works with the particular list of 
>websites available on its option page, but making sure "Google Services" 
>is checked in it's options will allow all Gmail connections (including 
>downloading attachments) to happen over HTTPS.
>
     While HTTPS-Everywhere may be a nice programming exercise for its
author(s), it appears wholly unnecessary for Firefox users because Firefox
users should *ALREADY* be using NoScript, which allows one to accomplish
the same thing, but also provides mountains of other protective measures.
Don't be fooled into thinking that HTTPS-Everywhere can protect your
anonymity or your privacy.  If you and/or the OP continue to refuse to
use NoScript, then sooner or later you and/or the OP will get burned and
will thus be taught the hard way the lesson you should have understood by
now.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list