For me, a more basic question is whether installing extensions from a fresh Tor installed is (sufficiently) safe....
Very real problem see - https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike watch the slides from 140 onward. Firefox/thunderbird case study detailing just this problem. E75A7CF4 On 2/12/2012 3:00 PM, Patrick Mézard wrote: > Le 12/02/12 16:53, Brian Franklin a écrit : >> Adblock Plus and Ghostery should be included in Tor bundle >> >> Two reasons >> >> 1. Privacy. Fairly obvious why we do this. Stopping ads and ad >> tracking is consistent with the privacy mission of the Tor Project. >> >> 2. Network health. Congestion has always been a problem on Tor. >> Installing these plugins to stop HTTP requests which don't help the >> user reduces congestion on the network and speeds up page loads for >> each user and everybody else. Browsers won't be slowed down loading >> tons of ads and ad scripts and the network won't have to process many >> requests for junk. I think we can save a ton of bandwidth by stopping >> the junk requests. > For me, a more basic question is whether installing extensions from a fresh > Tor installed is (sufficiently) safe. I do not know the details of the > process but it probably involves some HTTPS connections to > addons.mozilla.org. If the exit node can perform MITM attacks on SSL you may > end up installing something unwanted. Could the initial setup be made safer, > for instance by storing digests of addons.mozilla.org certificate in Tor > bundles at build time and *warn* if they do not match (like a specialized > Certificate Patrol would do)? Is it already addressed in Firefox? > -- > Patrick Mézard > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
