Downloading attachments with Tor - is this secure?

Aplin, Justin M jmaplin at
Sat Jun 19 13:15:15 UTC 2010

> Yes, if you use Torbutton, the attachment itself will be downloaded
> only via Tor.

I believe this is the short answer to your question, though everything 
else Mike said is good to keep in mind as well, especially in situations 
where paranoia is appropriate.

> This is especially dangerous if you are using Yahoo Mail, because even
> if you trust the person who sent you the document, your attachment
> will be downloaded in plaintext (via http, not https).

Watch out for this. Yahoo's *login* page for webmail and other services 
may be HTTPS, but this reverts to plain HTTP once you're actually 
viewing your mail and downloading attachments. A simple solution for 
secure webmail at the moment is using Gmail and the new Firefox addon 
"HTTPS-Everywhere" available from . 
This addon is *NOT* magic, as it only works with the particular list of 
websites available on its option page, but making sure "Google Services" 
is checked in it's options will allow all Gmail connections (including 
downloading attachments) to happen over HTTPS.

~Justin Aplin
To unsubscribe, send an e-mail to majordomo at with
unsubscribe or-talk    in the body.

More information about the tor-talk mailing list