[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Recommendations for browsing via Tor pre tor-browser?

From: Christopher Lemmer Webber
Subject: Re: Recommendations for browsing via Tor pre tor-browser?
Date: Thu, 19 Jul 2018 12:23:23 -0400
User-agent: mu4e 1.0; emacs 26.1

Chris Marusich writes:

> I know what you mean, but I think having TOR listen on localhost is
> safer than having a Guile REPL listen on localhost.  In the case of
> Guile, the risk is arbitrary code execution.  In the case of TOR, I
> suppose the risks might be that an attacker would be able to make
> requests over TOR from your machine.  Perhaps by making such requests,
> they might also be able to infer that you are using TOR (although it's
> already possible to determine that a person is using TOR simply by
> watching their IP traffic).  In any case, since TOR is functioning as a
> proxy, not a Turing-complete programming language, the things an
> attacker could do or learn by making requests from your machine to the
> localhost TOR seem limited.  Compared to the risk of arbitrary code
> execution, it seems much safer to me.

What about sending messages to a specific .onion address to unmask you?
If you send a unique request to http://foobarbaz.onion/?id=50108560 (or
ip=...) you might be able to associate a specific address.

It may be that this is not as easily possible since I suspect Tor is not
as susceptable to a line-oriented attack, so maybe it's not a concern...
I dunno.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]