Delivery-Date: Thu, 26 Jun 2014 15:42:22 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7923D1E0B65
	for <archiver@seul.org>; Thu, 26 Jun 2014 15:42:19 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6C30A2F423;
	Thu, 26 Jun 2014 19:42:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 173042F3FC
 for <tor-talk@lists.torproject.org>; Thu, 26 Jun 2014 19:39:33 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id MPiLhu7LGuCu for <tor-talk@lists.torproject.org>;
 Thu, 26 Jun 2014 19:39:33 +0000 (UTC)
Received: from mout.gmx.com (mout.gmx.com [74.208.4.200])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id F2B742F3EF
 for <tor-talk@lists.torproject.org>; Thu, 26 Jun 2014 19:39:32 +0000 (UTC)
Received: from [127.0.0.1] ([99.190.181.188]) by mail.gmx.com (mrgmxus001)
 with ESMTPSA (Nemesis) id 0LbLyu-1WGi9Q11mE-00kzjs for
 <tor-talk@lists.torproject.org>; Thu, 26 Jun 2014 21:39:30 +0200
Message-ID: <53AC76C6.2050508@gmx.com>
Date: Thu, 26 Jun 2014 14:38:46 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <1403807644.83828.YahooMailNeo@web122402.mail.ne1.yahoo.com>
In-Reply-To: <1403807644.83828.YahooMailNeo@web122402.mail.ne1.yahoo.com>
X-Provags-ID: V03:K0:8LZ3LTTchkHDuYfE9svkMk/7dL5QoN1v8tqgcBlhBT+5e6yEQc1
 8a6qjlNHJO1V26/MkOFqMnXCocYyxsr7Xay+brEhI0uzHF1soFWNgsVz/BDXOQ2PkDw2l09
 SkEjxCa4Bk72WRmnLCg/E5I6psFJ95kWV5svPworoVebgxfNgLpmh18qVr59fEXyuhq8g21
 9rXtfshtyV0mEd600H42w==
Subject: Re: [tor-talk] Downloading Programs with TBB - dangerous???
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 6/26/2014 1:34 PM, Bobby Brewster wrote:
> /Let's say I download a PDF with Tor. I get the warning that I might download it outside Tor./
That used to be the norm, but I believe the message was changed in later 
TB versions.  Which version are you using?
I'm not sure I've seen that warning lately, for just saving a PDF.
>
> /What is the liklihood of that actually happening?  Are there some dangerous file types that one should not download./
Pretty much the same precautions as regular surfing, as far as 
"dangerous" files - whether inside Tor / Torbrowser or not.
The advice is generally, don't open downloaded files while online. 
Certainly not in or using Torbrowser (like a PDF, using built PDF viewer).
But that viewer isn't AS big of an anonymity breaking threat as using 
3rd party software over the Tor network.  They don't always follow the 
Tor proxy rules.

For some (like Thunderbird) people have gone to great lengths to create 
software / plugins, etc., to make sure it stays inside the Tor network.  
Even those methods aren't 100% foolproof, 100% of the time.
>
> /Please note that I am talking about the downloading itself. I'm not talking about downloaded files containing an image which makes a request to the server so that the user's real IP is exposed./
>
>
Much depends on whether using 3rd party software for the downloading, or 
even Fx addons used in Torbrowser.  If just d/l a PDF or txt file, etc., 
saving it to disk / DVD - from the browser save window isn't a problem.
Of course, most any file could be malicious or its extension be 
intentionally mislabeled.

The addons may be OK, or they may leak data like real IPa, or something 
else.  One shouldn't assume because they're listed on Mozilla AMO, that 
they maintain anonymity over Tor.  They might - but they might not.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

