Downloading attachments with Tor - is this secure?
Aplin, Justin M
jmaplin at ufl.edu
Sat Jun 19 13:15:15 UTC 2010
> Yes, if you use Torbutton, the attachment itself will be downloaded
> only via Tor.
>
I believe this is the short answer to your question, though everything
else Mike said is good to keep in mind as well, especially in situations
where paranoia is appropriate.
> This is especially dangerous if you are using Yahoo Mail, because even
> if you trust the person who sent you the document, your attachment
> will be downloaded in plaintext (via http, not https).
>
Watch out for this. Yahoo's *login* page for webmail and other services
may be HTTPS, but this reverts to plain HTTP once you're actually
viewing your mail and downloading attachments. A simple solution for
secure webmail at the moment is using Gmail and the new Firefox addon
"HTTPS-Everywhere" available from https://www.eff.org/https-everywhere .
This addon is *NOT* magic, as it only works with the particular list of
websites available on its option page, but making sure "Google Services"
is checked in it's options will allow all Gmail connections (including
downloading attachments) to happen over HTTPS.
~Justin Aplin
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list