[tor-talk] HTML5 video and Tor anonymity.

Marco Bonetti sid77 at slackware.it
Tue Apr 30 22:49:11 UTC 2013


TL;DR: If you're using TBB, you are safe

I address this specific problem at DeepSec 2009 with the talk "Breaking Tor Sessions with HTML5", at the time it was possible to de-anonimyze a Tor user using the HTML5 video tag together with a specific poster attribute.
The idea was to instruct the browser to fetch the main video via http and the poster via ftp, bypassing Tor.
TorButton and the Tor Browser Bundle in general put defenses into place to protect your from this kind of attack.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


More information about the tor-talk mailing list