From: Christopher Lemmer Webber <cwebber@dustycloud.org>
To: Chris Marusich <cmmarusich@gmail.com>
Cc: help-guix <help-guix@gnu.org>
Subject: Re: Recommendations for browsing via Tor pre tor-browser?
Date: Thu, 19 Jul 2018 12:23:23 -0400 [thread overview]
Message-ID: <87in5bi490.fsf@dustycloud.org> (raw)
In-Reply-To: <87wotriunz.fsf@gmail.com>
Chris Marusich writes:
> I know what you mean, but I think having TOR listen on localhost is
> safer than having a Guile REPL listen on localhost. In the case of
> Guile, the risk is arbitrary code execution. In the case of TOR, I
> suppose the risks might be that an attacker would be able to make
> requests over TOR from your machine. Perhaps by making such requests,
> they might also be able to infer that you are using TOR (although it's
> already possible to determine that a person is using TOR simply by
> watching their IP traffic). In any case, since TOR is functioning as a
> proxy, not a Turing-complete programming language, the things an
> attacker could do or learn by making requests from your machine to the
> localhost TOR seem limited. Compared to the risk of arbitrary code
> execution, it seems much safer to me.
What about sending messages to a specific .onion address to unmask you?
If you send a unique request to http://foobarbaz.onion/?id=50108560 (or
ip=...) you might be able to associate a specific address.
It may be that this is not as easily possible since I suspect Tor is not
as susceptable to a line-oriented attack, so maybe it's not a concern...
I dunno.
next prev parent reply other threads:[~2018-07-19 16:23 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-12 17:03 Recommendations for browsing via Tor pre tor-browser? Christopher Lemmer Webber
2018-07-12 17:46 ` Arun Isaac
2018-07-13 10:56 ` Ricardo Wurmus
2018-07-13 11:02 ` Arun Isaac
2018-07-13 9:41 ` Ludovic Courtès
2018-07-13 12:57 ` Christopher Lemmer Webber
2018-07-19 6:52 ` Chris Marusich
2018-07-19 16:23 ` Christopher Lemmer Webber [this message]
2018-07-20 3:38 ` Chris Marusich
2018-07-20 16:11 ` Christopher Lemmer Webber
2018-07-21 14:53 ` Pierre Neidhardt
2018-07-26 15:16 ` Ludovic Courtès
2018-07-27 2:12 ` Christopher Lemmer Webber
2018-07-16 22:06 ` Nils Gillmann
2018-07-19 9:08 ` Devan Carpenter
2018-07-19 16:24 ` Christopher Lemmer Webber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87in5bi490.fsf@dustycloud.org \
--to=cwebber@dustycloud.org \
--cc=cmmarusich@gmail.com \
--cc=help-guix@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.