[tor-talk] Anonymous Blogging with Tor and Wordpress?

Geoff Down geoffdown at fastmail.net
Mon Apr 29 23:27:23 UTC 2013 


On Mon, Apr 29, 2013, at 11:54 PM, adrelanos wrote:
> Hi Jennifer!
> 
> Jennifer Parsons:
> > The source that I see splashed everywhere is
> > Ethan Zuckerman's guide, but that hasn't been updated since
> > 2009--practically 10,000 years ago in internet time.  The guide is here:
> > http://advocacy.globalvoicesonline.org/projects/guide/
> 
> Agreed.
> 
> >    - Is the information in the guide still valid, or is it out of date?
> 
> Outdated. (It still recommends Tor Button, which as stand alone has been
> deprecated.)
> 
> >    - Has anyone actually tried to make and break a Wordpress blog's
> >    Tor-guarded anonymity lately?  I mean, do we actually *know *that Tor
> >    works for this purpose, or is it just something that "everybody says"?
> 
> Unknown. I don't remember any specific news or research papers exactly
> on that topic.
> 
> >    - Are there any recently-added or possible-to-enable features of
> >    Wordpress (i.e. javascripts) that could reveal my IP address to Wordpress?
> 
> As far as I watch The Tor Project, there are currently no IP bypass bugs
> in TBB (Tor Browser Bundle).
> 
> IP bypass bugs are unfortunately not the only means of de-anonymization.
> In general, the more knowledge one has and the more effort someone puts
> into this, the safer one can become.
> 
> > If you can give me some guidance on these issues, I'd be happy to put
> > together a new guide updated for our modern era so that everyone can
> > benefit.  :)
> 
> I am not aware of any general anonymity guide/book (specific to
> wordpress).
> 
> Tails, JonDo and Whonix however have up to date documentation, which is
> always a bit specific to those projects, covers general anonymity
> instructions nonetheless.
> 
> - https://tails.boum.org/doc/index.en.html
> - https://anonymous-proxy-servers.net/en/help/index.html
> - http://sourceforge.net/p/whonix/wiki/Documentation/
> - http://sourceforge.net/p/whonix/wiki/Surfing_Posting_Blogging/
> 
> Cheers,
> adrelanos

This may be relevant, from the APWG Global Phishing survey:
"In late 2012 into 2013, we have seen the rise of automated
tools and attacking botnets that are targeting shared hosting
environments, and
particularly WordPress, cPanel, and Joomla installations. These attacks
take a variety of
forms from brute-force logins to exploiting known vulnerabilities.
Reports show that 10’s if
not 100’s of thousands of these shared servers have been cracked by such
techniques."
 That's where VMs and special OSs come in I guess - defence in depth.
GD

-- 
http://www.fastmail.fm - IMAP accessible web-mail

More information about the tor-talk mailing list