Delivery-Date: Sat, 19 Sep 2015 10:41:59 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id D1D4A1E08B6;
	Sat, 19 Sep 2015 10:41:57 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 75BC93729B;
	Sat, 19 Sep 2015 14:41:52 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id D588F3723B
 for <tor-talk@lists.torproject.org>; Sat, 19 Sep 2015 14:41:48 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id XvdJWJZZO-aj for <tor-talk@lists.torproject.org>;
 Sat, 19 Sep 2015 14:41:48 +0000 (UTC)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil
 [IPv6:2001:480:20:118:118::211])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id B132236A88
 for <tor-talk@lists.torproject.org>; Sat, 19 Sep 2015 14:41:48 +0000 (UTC)
Received: from vpn212046.nrl.navy.mil (vpn212046.nrl.navy.mil [132.250.212.46])
 by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id t8JEfjT4010360
 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
 for <tor-talk@lists.torproject.org>; Sat, 19 Sep 2015 10:41:46 -0400
Date: Sat, 19 Sep 2015 10:41:50 -0400
From: Paul Syverson <paul.syverson@nrl.navy.mil>
To: tor-talk@lists.torproject.org
Message-ID: <20150919144150.GS20949@vpn212046.nrl.navy.mil>
References: <55FCFE60.3050001@openmailbox.org>
 <20150919091837.GA16428@lapsedordinary.net>
 <CADop2NF9jub3xNv9mv4ALxniZ-7tdPuGY7wsY23So-aVa0fe6g@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CADop2NF9jub3xNv9mv4ALxniZ-7tdPuGY7wsY23So-aVa0fe6g@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Subject: Re: [tor-talk] What good is using Facebook through
 https://facebookcorewwwi.onion/ ?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

You are also not vulnerable to any DNS hijack since address lookup
does not use the DNS system. Likewise BGP hijacks are diminished in
value. But perhaps more important than either of these, any CA hijack
or shenanigans are greatly diminished in usefulness. You might want to
look at a short position paper we have that discusses this:
"Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication"
pdf of paper and
slides available at http://ieee-security.org/TC/SPW2015/W2SP/

We also have a revised and expanded paper reflecting subsequent
developments in the works.

aloha,
Paul

On Sat, Sep 19, 2015 at 09:33:51AM +0000, Virgil Griffith wrote:
> The usual example given for this is, "if you don't want to share your
> amount of Facebook use with your ISP or the NSA, Facebook supports you
> doing that."
> On Sat, 19 Sep 2015 at 17:19 Martijn Grooten <martijn@lapsedordinary.net>
> wrote:
> 
> > On Sat, Sep 19, 2015 at 09:19:12AM +0300, Qaz wrote:
> > > What good does https://facebookcorewwwi.onion/ bring? I think there are
> > > but not much and not that far away from the benefits one can have
> > > logging in via mainstream browsers such as Firefox and Chrome.
> >
> > Perhaps you're on a secret mission somewhere and want to log into
> > Facebook, without letting even Facebook know where you are.
> >
> > Perhaps you can't access Facebook from where you are, but can access
> > Tor.
> >
> > Perhaps neither applies to you, but you just want to make sure those
> > people to whom it does apply don't stand out.
> >
> > Perhaps you think all Internet traffic should use onion routing.
> >
> > Perhaps there's another reason for using it that you don't want to
> > share, which should be fine: one shouldn't generally have to explain why
> > one uses Tor.
> >
> > Martijn.
> > --
> > tor-talk mailing list - tor-talk@lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

