In-Reply-To: <53EBDEF5.7040804@gmail.com>
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@openmailbox.org>
 <CAKkunMats8JoVc8wqYrMtWE4f0gTA7RVVWirhuJz6t9sA5dDQQ@mail.gmail.com>
 <53EBDEF5.7040804@gmail.com>
Date: Thu, 14 Aug 2014 11:06:30 +0200
Message-ID: <CAKkunMYRO-R_bs3MtOydCkZ9dJ0SmgSMT8-xVt-wCeuu22oniQ@mail.gmail.com>
From: Anders Andersson <pipatron@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:

>>   As
>> someone who argues against using javascript in any context, I can only
>> say "told you so", but that doesn't really help anyone. :)
>
> No and you are wrong

From https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
"An attack that exploits a Firefox vulnerability in JavaScript has
been observed in the wild."
People who didn't allow javascript were safe.


>> Because they managed to get in to the client browser, they could learn
>> the real IP address and MAC address
>
> and the color of your shirt

Why are you so defensive? Is it your code they broke? They could learn
the color of my shirt if the browser user has access to a webcam,
which is not uncommon. This is however highly irrelevant.


>> , they didn't learn this through
>> Tor.
>
> Are you serious in your answer?

Very much so. If you don't believe me, then maybe you'll believe these sources:

https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
https://www.mozilla.org/security/announce/2013/mfsa2013-53.html

Nothing was exploited through Tor. In fact, they couldn't find out who
was using the server *because* people used Tor. So they had to resort
to javascript exploits.

