[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Recommendations for browsing via Tor pre tor-browser?
|
From: |
Christopher Lemmer Webber |
|
Subject: |
Re: Recommendations for browsing via Tor pre tor-browser? |
|
Date: |
Thu, 19 Jul 2018 12:23:23 -0400 |
|
User-agent: |
mu4e 1.0; emacs 26.1 |
Chris Marusich writes:
> I know what you mean, but I think having TOR listen on localhost is
> safer than having a Guile REPL listen on localhost. In the case of
> Guile, the risk is arbitrary code execution. In the case of TOR, I
> suppose the risks might be that an attacker would be able to make
> requests over TOR from your machine. Perhaps by making such requests,
> they might also be able to infer that you are using TOR (although it's
> already possible to determine that a person is using TOR simply by
> watching their IP traffic). In any case, since TOR is functioning as a
> proxy, not a Turing-complete programming language, the things an
> attacker could do or learn by making requests from your machine to the
> localhost TOR seem limited. Compared to the risk of arbitrary code
> execution, it seems much safer to me.
What about sending messages to a specific .onion address to unmask you?
If you send a unique request to http://foobarbaz.onion/?id=50108560 (or
ip=...) you might be able to associate a specific address.
It may be that this is not as easily possible since I suspect Tor is not
as susceptable to a line-oriented attack, so maybe it's not a concern...
I dunno.
Re: Recommendations for browsing via Tor pre tor-browser?, Nils Gillmann, 2018/07/16
Re: Recommendations for browsing via Tor pre tor-browser?, Devan Carpenter, 2018/07/19