[tor-talk] NoScript for TOR disabled by default

Sukhoi sukhoi47 at gmx.net
Sat Feb 1 03:03:02 UTC 2014 

On 31/01/2014 13:20, Joe Btfsplk wrote:
> On 1/31/2014 8:00 AM, Olivier Cornu wrote:
>> Le 31/01/2014 01:18, Joe Btfsplk a écrit :
>>> On 1/30/2014 9:22 AM, Sukhoi wrote:
>>>> In fact, I am worried with the Wireless Position System developed by
>>>> google and others, and the introduction in the browsers, like 
>>>> firefox, a
>>>> way to track which wireless networks the computer can "see" in a given
>>>> moment. Based on that they identify the user physical (because google
>>>> street view mapped the wireless network physical location), 
>>>> fingerprint
>>>> the computer and, possibly, track other key information.
>>>>
>>>> Seems that this critical issue is not currently handled by TOR.
>>> OK - why would Mozilla want to track the location of users?
>> It does not have to be Mozilla, it could also be any website visited:
>> http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-location 
>>
>>
>> Where Mozilla might be held responsible is because the corresponding bug
>> has had an open ticket for almost 8 years:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=354493
>>
>> But perhaps I misunderstood what Sukhoi meant…
> I understood that it's websites (or trackers like Google) that would 
> gather data. But the ability to do it - bug or whatever - comes from 
> the browser or other technology, from Mozilla, Google, others.


I am talking about tracking by google and other sites to identify the 
user physical location.

Bug is an issue, as always, but now the browsers have a native and 
specifically designed funcionality to track the location by looking the 
wireless networks the user's computer can "see".

The functionality is to help users that "do not know where they are". 
Yes, yes, and I believe also in Santa Clauss...

Firefox has that functionality and this is not a coincidence. 90% of 
Firefox Foundation funds are by Google.
Google core business is steal data to sell to governments and anybody 
else that can pay.
Since the beginning Google has been funded by In-Q-Tel, a CIA arm.

Regardless of anything else, if the intention is good or not, that 
tracking functionality has the potential to by-pass the TOR techniques 
to hide the user identity. TOR developer team is doing a great job and, 
IMHO, fix that issue will corroborate to keep the TOR's value and 
purpose for the community.


Another big threat that SSL, AES and other encryption protocols used by 
TOR network probably are compromised by NSA:
http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/


Sukhoi

More information about the tor-talk mailing list