[tor-talk] Wired Story on Uncovering Users of Hidden Services.
Aymeric Vitte
vitteaymeric at gmail.com
Thu Aug 14 22:48:08 UTC 2014
I am "defensive" because you seem to make a general case of something
that can only happen in case of browser's/OS bug, and conveying to Tor
users that they should not use js is a non sense, you make believe them
that intrinsically js can easily leak their ip and/or mac addresses,
which is wrong, this can happen under extraordinary circumstances that
have nothing to do with js, here a windows/ff bug, which could have been
a css attack or whatever.
Regards,
Le 14/08/2014 11:06, Anders Andersson a écrit :
> On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte <vitteaymeric at gmail.com> wrote:
>
>>> As
>>> someone who argues against using javascript in any context, I can only
>>> say "told you so", but that doesn't really help anyone. :)
>> No and you are wrong
> From https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
> "An attack that exploits a Firefox vulnerability in JavaScript has
> been observed in the wild."
> People who didn't allow javascript were safe.
>
>
>>> Because they managed to get in to the client browser, they could learn
>>> the real IP address and MAC address
>> and the color of your shirt
> Why are you so defensive? Is it your code they broke? They could learn
> the color of my shirt if the browser user has access to a webcam,
> which is not uncommon. This is however highly irrelevant.
>
>
>>> , they didn't learn this through
>>> Tor.
>> Are you serious in your answer?
> Very much so. If you don't believe me, then maybe you'll believe these sources:
>
> https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
> https://www.mozilla.org/security/announce/2013/mfsa2013-53.html
>
> Nothing was exploited through Tor. In fact, they couldn't find out who
> was using the server *because* people used Tor. So they had to resort
> to javascript exploits.
--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
More information about the tor-talk
mailing list