How secure is check.torproject.org?

Roger Dingledine arma at mit.edu
Sat Nov 23 09:09:20 UTC 2013

On Sat, Nov 23, 2013 at 06:04:54PM +1000, Katya Titov wrote:
> > On Sat, Nov 23, 2013 at 07:35:54AM +1000, Katya Titov wrote:
> >> The advantage that I see is that there is no way to directly
> >> access a .onion site without using Tor, so it is a clear indicator
> >> that Tor is in use, visible to the user.
> > 
> > Not necessarily. Imagine a local network attacker who sees your
> > request for a .onion address go out on the local network, and then
> > supplies you with a DNS answer and then a webpage when you ask for
> > one. Now you're not using Tor, but you think you are.
> But if we're talking about TBB then a local network attacker should
> never see the request, just the resultant Tor traffic. Unless my
> understanding is very off.

If we're talking about TBB and it's working correctly, then there's no
need to check if it's working correctly, right? :)

Check.tp.o is from a time before TBB was standard, when users were trying
to muck with their proxy settings, install an extension, or otherwise
make their Tor work.

> > The correct answer is for TBB to do some self-tests of its proxy
> > settings, and not ask the big bad scary internet.
> I certainly agree here, but I'm also a visual person. I use the Network
> Map a lot to see that the traffic is passing through Tor. (This is one
> of my issues with the 3.0 series - no Network Map. I've had a look at
> writing FF plugins but they seem beyond my ability, or at least require
> more time than I have available at the moment.) I guess that some way to
> internally ensure that it is indeed using Tor as well as a visual cue
> would be nice.

If you trusted the old check, you should trust the new about:tor page
in TBB 3 at least as much. It's more accurate, and it loads quicker too.

As for having a network map for TBB 3, I agree in theory. But somebody
needs to actually do it. Promising routes include writing it into Tor
Launcher (harder to do, but easier to maintain and probably safer)
or writing instructions for how best to attach your (old, eventually
obsolete) Vidalia to your shiny new TBB 3.
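
An added example, not part of the original message and not Tor Browser's own code: one way a local self-test of proxy settings could look, reading a Firefox prefs.js-style file instead of asking a remote site. The pref names are real Firefox preferences; the expected values, the function names and the sample profiles are assumptions made for this example.

```python
import re

# Matches lines such as: user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse prefs.js-style lines into a dict of pref name -> Python value."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs

def check_proxy_prefs(prefs, socks_port):
    """Return a list of problems; an empty list means the local check passed."""
    problems = []
    if prefs.get("network.proxy.type") != 1:
        problems.append("network.proxy.type is not 1 (manual proxy)")
    if prefs.get("network.proxy.socks") not in ("127.0.0.1", "localhost"):
        problems.append("SOCKS host is not the loopback interface")
    if prefs.get("network.proxy.socks_port") != socks_port:
        problems.append("SOCKS port does not match the local Tor port")
    # A pref that is absent is treated as failing: only an explicit true passes.
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        problems.append("socks_remote_dns is not true: hostnames, .onion "
                        "included, are resolved locally and seen on the LAN")
    return problems

# Constructed sample profiles (not taken from any real installation).
GOOD = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9150);
user_pref("network.proxy.socks_remote_dns", true);'''
LEAKY = GOOD.replace("true", "false")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(label, check_proxy_prefs(parse_prefs(text), 9150) or "ok")
```

The LEAKY profile is the case from the quoted exchange: the browser points at a SOCKS proxy but still resolves names itself, so a request for a .onion address goes out as a local DNS query.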


