-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 1) I notice from UK on vodafone or sainsburys mobile torproject.org ssl certificate comes up faulty and chrome blocks it. But on the Tor network the site works fine (I downloaded CetfificatePatrol and it says the proper certificate is digicert), obvioulsly SSL observatory wont pick this up cos its the Chrome browser not Firefox.
After the talk we had about fake certificates and the unlikelyhood of them using fake certs on everyone, but it would still be worth concentrating there efforts only on people who use the tor website so could this be such an attack? only it appears google chromes browser is capable of detecting and stopping it (others might not be so lucky or just click through it). People would assume theres something wrong with the site or write it off as the site being blocked and ignore it. They could correlate people that accessed the Tor site on the clear web against Tor client users, get there IPs so they know who to watch or at least they know you are using a Tor client and at worst if the user clicked through could get contaminated updates. Sadly probably nothing that can be done about this, except maybe using stronger browsers, and better setups like the the Firefox Tor bundle that bypass it. 2) Regulating open source browsers, like thats ever gonna work, people will just download and compile old versions, and anyone can write a http client anyway. Still maybe worth talking to them tho, thanks for the heads up. 3) a Tor2web proxy (and versions of) probably arnt a good idea, the reason darknets/F2F networks work is because you only share with trusted friends not everyone, its the lack of the global view that makes it hard for the enermy to attack the system (in this case they would attack your proxy), i know adding anonymity to the equation and being a conduit rather that a host changes the situation a bit, but I still doubt google would like bad content being accessible *even* if you arnt the one hosting it, I could be wrong. ~TheMindwareGroup themindwaregr...@gmail.com PGP: 0xf4b6586f -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJS1ru6AAoJEKcLVST0tlhvsdkH/1HVzPOeC0NOyBxSzXWtzeqz 4ldB3Lj/t2qnNe0lOGkQv3tSLwW2LipNJ06I7APO24CQNbIFuw3k6vkzKJRe02p5 M+omng6nOVAZtxk/zMVFVRy/FZSli5hkqFpZtCSr56i9L9/kI3GAAdSkVXuUr552 m6skiKPoomdncnkDiRuzk+4NEx12vYXUO3LEMn3KDqe3W/HmYnFqTli2A/mKNYPD UBywPqaZiEMmnXfLbDUgvbcKjCflZ/3Q9FkN3DK21oCgbULk5q0UmPVf9rx4lKbC kG/sEecb4VHPXogy2e9IFlIE+M0jfF7gKls+oPnWj70PScu/7l+7cphOsL1C5Mc= =OMQD -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
