Date: Mon, 25 Aug 2014 17:17:07 -0400
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20140825211707.GP8819@moria.seul.org>
Subject: Re: [tor-talk] TOR tried to take a snapshot of my screen

On Mon, Aug 25, 2014 at 11:22:27AM -0700, BM-2cVvnFWSftFx8dv12L8z8PjejmtrjYjnUY@bitmessage.ch wrote:
> Mirimir wrote:
> > Maybe Zemana is incorrectly flagging some aspect of HTML5 canvas
> > spoofing by the Tor browser as "taking a screen snapshot".
> 
> The incident happened at different web pages that had been accessed before
> many times without any incident.
> 
> The Zemana is the same version I have been running since December 2013, i.e., it
> has been running for around 8 months without any incident.

But the Firefox version is new, including the html5 canvas stuff. So I
think this is still a plausible direction to consider.

A search for 'zemana firefox' brings up several cases like
https://support.mozilla.org/questions/687961
that look related -- people have had problems with the interactions
between these two programs in the past.

> I guess inside the rerouting net is a kind of automatic tool to spy on Tor
> users and, in addition, the (human) operators may pick users at will for
> additional checks. Just my guess.

Well, one of the great features of Tor Browser is the deterministic
build process:
https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details
which basically means that anybody can produce a byte-for-byte identical
version of the Tor Browser download that you have -- and many people
reproduced the Tor Browser 3.6.3 and 3.6.4 versions that you have
(assuming of course that you fetched the real one).

So that means you can grab all the source code (mostly of Firefox)
and be sure that it's actually the thing you're running:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#BuildingtheTorBrowser

Now, I know it isn't fun to look through all of Firefox for compatibility
problems between it and your other Windows program. But the point is
that anybody can do it. So hopefully it is an answer to your above
conspiracy concerns -- if you think there's a screen capture feature
in Firefox, find it!

> Hope more users will start to use Zemana and other anti-spyware and more
> reports about this problem arrive.

Hey, good thinking. Are there any other Zemana users here? I have never
heard of it, so maybe nobody else has either.

--Roger
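
Added example (not part of the message above and not Tor Project code): what "byte-for-byte identical" buys you in practice is that a downloaded file can be checked against digests published by several independent builders. The file name, builder names and manifests below are constructed placeholders; the manifests are assumed to be in the usual sha256sum text format.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum lines ('<hex>  <name>' or '<hex> *<name>') into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # blank or malformed line
        entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries

def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_against_builders(path, manifests):
    """Sort builder names into (agree, disagree, missing) for this file."""
    name, local = os.path.basename(path), sha256_file(path)
    agree, disagree, missing = [], [], []
    for builder, text in sorted(manifests.items()):
        digest = parse_manifest(text).get(name)
        if digest is None:
            missing.append(builder)
        else:
            (agree if digest == local else disagree).append(builder)
    return agree, disagree, missing

def demo():
    # Constructed data: a stand-in file and four hypothetical builders.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "bundle-example.tar.xz")
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes, not a real bundle\n")
        good = sha256_file(path)
        manifests = {
            "builder-a": f"{good}  bundle-example.tar.xz\n",
            "builder-b": f"{good} *bundle-example.tar.xz\n",
            "builder-c": f"{'0' * 64}  bundle-example.tar.xz\n",
            "builder-d": f"{good}  other-file.tar.xz\n",
        }
        return check_against_builders(path, manifests)

print(demo())
```

A non-empty "disagree" list means either the download or that builder's output differs and should be investigated; the comparison is only as trustworthy as the way each manifest was obtained and authenticated.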
