[tor-talk] How secure is check.torproject.org?

Katya Titov kattitov at yandex.com
Thu Nov 21 11:08:30 UTC 2013

Roger Dingledine:
> Almost true. check.tp.o will no longer be the homepage (which also
> gives a usability advantage on startup -- a local homepage will mean
> you're not waiting for some outside page to load, and you're not
> doing it while your Tor is bootstrapping its directory information,
> making things seem even slower than they will be).
> But TBB in the background will still fetch
> https://check.torproject.org/RecommendedTBBVersions
> to decide if you need to upgrade without telling anybody your version.
> But that happens asynchronously, in the background, and doesn't need
> to run javascript (at least, not externally fetched javascript).
> So yes, the answer is that pretty soon the check website won't be the
> bottleneck that it currently is.

Just out of interest, why doesn't the current TBB load a .onion address
to check that Tor is working correctly? Or two tabs, one loading the
current check site and one loading a hidden service version?

The HS version would demonstrate beyond a doubt that you're
communicating over Tor.

More information about the tor-talk mailing list