Delivery-Date: Thu, 14 Aug 2014 18:48:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8160A1E0B95;
	Thu, 14 Aug 2014 18:48:16 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8299E30A89;
	Thu, 14 Aug 2014 22:48:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 602F130AA6
 for <tor-talk@lists.torproject.org>; Thu, 14 Aug 2014 22:48:09 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id E3V3EpT-9wjs for <tor-talk@lists.torproject.org>;
 Thu, 14 Aug 2014 22:48:09 +0000 (UTC)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com
 [IPv6:2a00:1450:400c:c00::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 187BD30A9B
 for <tor-talk@lists.torproject.org>; Thu, 14 Aug 2014 22:48:08 +0000 (UTC)
Received: by mail-wg0-f50.google.com with SMTP id n12so1654467wgh.21
 for <tor-talk@lists.torproject.org>; Thu, 14 Aug 2014 15:48:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type:content-transfer-encoding;
 bh=ZZ2g+LQrF/DEbefCvXh/QGSyoOI1antgoVyalY3iRF8=;
 b=RP3hQRx4qEGu8fxPdqw4reBSLnQ+s0kTgtxY6lluIpnsgRkVaBdqcg/pWb+a4j4nkb
 zTcUutS0EHxNVb9qIQF/ZSxIrI9nrk73vAjpfFdgOyq+tlRmBbwck8Mad3oabo7TomUV
 8orrWz5hkqFV+T9OFioOHY3WmlYBjc8AFoBooHIlMMmqtxeIO69NYRu0LjoFb0ZkBGlm
 Pq6ANCuRQUWhUjMBTUx/jb8lt7ljxNQvyjYW4TrqlfVIrygAs2S/x9apkug+QyuOgxq9
 VUdxoXd1EE0wlGQV1jZI90xozC8K4bM9YuwcVVZjHAPquDR8Q5n8prWta5HNQT4Lbz2R
 jytQ==
X-Received: by 10.180.38.39 with SMTP id d7mr16009132wik.24.1408056485981;
 Thu, 14 Aug 2014 15:48:05 -0700 (PDT)
Received: from [192.168.1.11] (ANice-652-1-361-109.w83-201.abo.wanadoo.fr.
 [83.201.196.109])
 by mx.google.com with ESMTPSA id pl1sm584664wic.17.2014.08.14.15.48.04
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 14 Aug 2014 15:48:05 -0700 (PDT)
Message-ID: <53ED3CA8.8030705@gmail.com>
Date: Fri, 15 Aug 2014 00:48:08 +0200
From: Aymeric Vitte <vitteaymeric@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@openmailbox.org>
 <CAKkunMats8JoVc8wqYrMtWE4f0gTA7RVVWirhuJz6t9sA5dDQQ@mail.gmail.com>
 <53EBDEF5.7040804@gmail.com>
 <CAKkunMYRO-R_bs3MtOydCkZ9dJ0SmgSMT8-xVt-wCeuu22oniQ@mail.gmail.com>
In-Reply-To: <CAKkunMYRO-R_bs3MtOydCkZ9dJ0SmgSMT8-xVt-wCeuu22oniQ@mail.gmail.com>
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

I am "defensive" because you seem to make a general case of something =

that can only happen in case of browser's/OS bug, and conveying to Tor =

users that they should not use js is a non sense, you make believe them =

that intrinsically js can easily leak their ip and/or mac addresses, =

which is wrong, this can happen under extraordinary circumstances that =

have nothing to do with js, here a windows/ff bug, which could have been =

a css attack or whatever.

Regards,

Le 14/08/2014 11:06, Anders Andersson a =E9crit :
> On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte <vitteaymeric@gmail.com> =
wrote:
>
>>>    As
>>> someone who argues against using javascript in any context, I can only
>>> say "told you so", but that doesn't really help anyone. :)
>> No and you are wrong
>  From https://lists.torproject.org/pipermail/tor-announce/2013-August/000=
089.html
> "An attack that exploits a Firefox vulnerability in JavaScript has
> been observed in the wild."
> People who didn't allow javascript were safe.
>
>
>>> Because they managed to get in to the client browser, they could learn
>>> the real IP address and MAC address
>> and the color of your shirt
> Why are you so defensive? Is it your code they broke? They could learn
> the color of my shirt if the browser user has access to a webcam,
> which is not uncommon. This is however highly irrelevant.
>
>
>>> , they didn't learn this through
>>> Tor.
>> Are you serious in your answer?
> Very much so. If you don't believe me, then maybe you'll believe these so=
urces:
>
> https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.ht=
ml
> https://www.mozilla.org/security/announce/2013/mfsa2013-53.html
>
> Nothing was exploited through Tor. In fact, they couldn't find out who
> was using the server *because* people used Tor. So they had to resort
> to javascript exploits.

-- =

Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

