[tor-talk] any issue with TBB extensions auto updating?
tagnaq
tagnaq at gmail.com
Mon May 14 20:34:17 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> Is there any anonymity / fingerprinting issue(s) w/ extension
> shipped w/ TBB auto updating during a Tor session?
>
> Default setting in TBB in Addons > Extension under drop box,
> "Update Add-ons Automatically" is checked.
>
> Do No Script, HTTPS Everywhere, TorButton automatically update when
> the default update selection above is checked & does that pose any
> anonymity / fingerprinting issues?
You might be interested in this discussion:
https://lists.torproject.org/pipermail/tor-talk/2011-June/020755.html
https://lists.torproject.org/pipermail/tor-talk/2011-July/020784.html
short version: the exit sees what you are updating (http request) but
can't modify it without being detected.
regarding the prevention of SSL MITM (compromised CAs and the such)
during the update process, you might want to have a look at:
https://trac.torproject.org/projects/tor/ticket/3555
the future of key pinning via HTTP headers
http://tools.ietf.org/rfcmarkup?doc=draft-ietf-websec-key-pinning-01
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk+xbEkACgkQyM26BSNOM7aJ3AEAnWiVA4+And1x/ThB07dH/p6M
Y8KBT51eNVCFKg8GCsgA/AjaTuAsE2tuGhky25py9KCZtqAQsIbKdXQsjAE9U9iD
=dlXp
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list