[tor-talk] Request: would someone create a tutorial on how to examine an app for leaks?

[antispam06 at sent.at]

On Fri, Oct 5, 2012, at 18:27, adrelanos wrote:
> The official bug tracker is better for requests. I've submitted such a
> request a while ago. [1] [2] [3] Nothing wrong repeating this one the
> mailing list, maybe more people read it so we get more input.

The bug tracker might or should be better for requests. I don't think
that applies to this. The bugtracker is for the hardworking people
behind the Tor Project. Thanks to them unimaginable things can be done
in this mess offered by the nearsighted (lazy?) geeks of the '70s and
'80s. Or maybe it's the society at large silly enough to grow dependent
on poisoned tools. But that's another discussion alltogether. My request
goes to the community at large. The users. The security experts that
don't have the time to work on the Project, but could shed some light
onto this issue. I'd love the Tor people to examine the offered
documentation.
 
> Right now, even if the upstream developer(s) were willing to to research
> the question if their application is Tor-safe, they wouldn't have a
> guide what they should look for. Ok, all traffic through socks5 proxy;
> remote DNS; don't transfer IP inside the protocol... But what about do
> not transmit the users time zone, users clock, users fonts, operating
> system's account name, kernel version, application version, etc.
> 
> [1]
> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#Howtoreviewanapplication
> [2]
> https://lists.torproject.org/pipermail/tor-talk/2012-April/024010.html
> [3] https://trac.torproject.org/projects/tor/ticket/5553

Thanks for the links. I'll go though them this weekend.