[tor-talk] Adblock Plus and Ghostery should be included in Tor bundle

Joe Btfsplk joebtfsplk at gmx.com
Mon Feb 13 01:03:36 UTC 2012


On 2/12/2012 3:00 PM, Patrick Mézard wrote:
> For me, a more basic question is whether installing extensions from a 
> fresh Tor installed is (sufficiently) safe. I do not know the details 
> of the process but it probably involves some HTTPS connections to 
> addons.mozilla.org. If the exit node can perform MITM attacks on SSL 
> you may end up installing something unwanted. Could the initial setup 
> be made safer, for instance by storing digests of addons.mozilla.org 
> certificate in Tor bundles at build time and *warn* if they do not 
> match (like a specialized Certificate Patrol would do)? Is it already 
> addressed in Firefox? --
Can't checking for addons' "check for updates" be unchecked in Aurora / 
Firefox Options?  As well as for the browser & search plugins?  Does 
that not solve the problem of some addon connecting to MAO during a Tor 
session?


More information about the tor-talk mailing list