Re: [tor-talk] Getting of Tor Browser
On 04/10/11 04:46, David Carlson wrote: I believe that the main difference between the version of Firefox in the Tor Browser Bundle and the version that most people use is that that version is 'portable' in the sense that it does not need to be 'installed' to run. AIUI the devs are of the opinion that continuing work on Torbutton (the extension for vanilla Firefox) is a drain on resources and offers too many opportunities for compromise, e.g. by browser fingerprinting. Ergo, further development will be done directly on the browser code. Perhaps one of them will be happy to elaborate further. Julian -- 3072D/D2DE707D Julian Yon (2011 General Use) pgp.2...@jry.me signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Revoking your secret_id_key
On 04/10/11 00:44, Nick Mathewson wrote: It might be worthwhile to add a feature where each Tor server generates a signed permanent shutdown notice at the same time it generates its key, and to suggest to node operators that they keep a copy of that notice someplace secure so that they can circulate it as needed if they need to prove that they are saying this node has been compromised. It'd probably need a design proposal. I'm not sure how much of a win it is over the GPG solution above: it saves some steps, but still requires you to make preparations in advance. It's a win in that it makes the procedure for revocation explicit at the beginning. Operators with less understanding of cryptography would most likely be grateful for having that spelled out. Julian -- 3072D/D2DE707D Julian Yon (2011 General Use) pgp.2...@jry.me signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] observation: Browser bundle secure files deletion
I've thought about TBB it insecurely deleting files such as cache when closing TBB Firefox. I assume this is what happens - I've investigated - a BIT - seems that's what it does. *Is this correct?* If true, there's no opportunity to securely wipe the files, rather than them being insecurely deleted - unless I'm mistaken. AFAIK, Tor has no secure wiping capability built in. Don't remember reading in documentation, either that users should be aware of this take appropriate action, or that TBB already handles it securely. Also, no mention of a list of files TBB deletes on shut down, that users might consider the possibility of data being recoverable. If true, the only way to wipe any sensitive info (Ex.: so a repressive gov't can't recover info from HDD), would be use a prgm to wipe free space on the partition containing TBB. If it is installed on a flash drive, that could be wiped, but principal is still the same. Since many users install most everything to C:\ - esp. in Windows (in TBB case, unzip to a folder), then wiping free space process on the OS partition - which MAY be the whole HDD for some users, ALWAYS involves some risk to file(s) corruption. I've never had a disaster wiping free space, but forums like Eraser, CCleaner others are full of posts about the process (apparently) severely damaging the OS. If my assumptions are correct, 1) Have TBB developers considered the issue of some deleted info from sessions, being recoverable? 2) Other than wiping free space, (which takes time) are there other suggestions for avg users to realistically deal w/ this? It doesn't affect me so much, but in repressive countries, it may warrant consideration. I'd think for users wanting to securely wipe free space, it'd be best to use TBB on flash drive or a small partition on HDD. It's possible ? w/ a proper list of files, the files in question MIGHT be securely deleted BEFORE closing TBB, but many wiping prgms would have problems wiping active files. It probably can be done w/ enough knowledge right tools, but most users aren't aware of steps needed, and would not regularly go to that trouble (or forget). Thanks. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Getting of Tor Browser
On Mon, 3 Oct 2011 22:46:08 -0500 David Carlson carlson...@sbcglobal.net wrote: In the Windows download section there is a variation called Vidalia Bundle which allegedly sets up an environment within which the standard Windows version of Firefox is expected to behave nicely. As a Windows user, this is what I use. I notice, however, that there is no comparable package for Linux, although there is a link to another page https://www.torproject.org/download/download-unix.html.en which I suppose means something to Unix users. Linux version of TorBrowser just works simple like Windows too. But advanced Linux users and distros developers needs a separate packages for flexibility: (see info about transparency torification for any traffic: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy https://trac.torproject.org/projects/tor/wiki/doc/BlockNonTorTrafficDebian) and some sort of security (using system provided tor-daemon starting from restricted users, SeLinux integration). We know that developers works in the direction of better integrating Tor for Linux not only for point-and-click users: https://trac.torproject.org/projects/tor/ticket/3994 Users comfortable with Linux-packaging system need a way to getting separate TorBrowser as well, with separated depended/recommended packages for neccecary plug-ins. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] observation: Browser bundle secure files deletion
On 10/4/2011 9:22 AM, Julian Yon wrote: On 04/10/11 15:00, Advrk Aplmrkt wrote: I had the exact same question about secure delete. Also, securing wiping the computer's memory is important, as sensitive data could be recovered from RAM even *after* power off... TAILS handles this: http://tails.boum.org/ Using TAILS may involve a compromise, as it seems to still be on FF 3.5, whereas TBB has moved on. Like any security issue you would have to make a decision based on your own threat model. Thanks to both. Advrk - Good point. I'm no pure expert, but seems I've read if computer is POWERED off for ? several minutes, most RAM will be cleared. Even if true, it's a bit inconvenient. IMO, the RAM issue doesn't have as much widespread potential impact as things like cache other files not being securely deleted. ** I see that default Cache Space in Aurora is set = 0. What about people w/ slower machines that REALLY need cache? Of those needing it, I'd guess a good number * need * to securely delete it, whether they're aware or not. Julian - TAILS handles what? Clearing RAM or securely deleting files in FF containing personal data? TAILS may be GREAT, but TBB users probably shouldn't have to rely on 3rd party apps to be secure (esp. in countries where using TBB, that the whole point of using it is (close to) complete anonymity therefore security. They probably shouldn't have to use a 3rd party wiping prgm. Leaving files behind w/ incriminating info (from a repressive gov'ts view) isn't secure or anonymous. Regarding deciding on your threat model - one of my points is, even many Tor / TBB users don't KNOW anything about secure / insecure deletion of certain files when TBB is closed. This could also involve Vidalia / Tor files in TBB. Some don't know what a threat model is. If we're assuming only advanced users should be using Tor / TBB, then everything's fine. I'm almost positive that's NOT the developers' assumption / position. I haven't investigated far enough yet to know what TBB / Aurora will do if under Options Privacy, you check the box: Clear history when Aurora closes, then UNcheck most of the items under the settings. Then after closing TBB, use a wiping prgm w/ pre configured task to wipe the files / folders you want. Again, avg users would have to be instructed - in plain language - not computer speak. A lot of users would * need help * knowing which files to delete that might contain personal / private data. Perhaps a list of all files potentially containing personal / private / browsing data could be listed - VERY PROMINENTLY - where all users would see it some instructions on how to securely delete them. Firefox no longer shows the Delete Private Data box at shutdown, but an addon Ask For Sanitize brings back that box, so one can see / change what's being (insecurely) deleted at shutdown. Or choose not to delete anything, then use a wiping prgm to del files. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] observation: Browser bundle secure files deletion
On 10/4/2011 2:20 PM, Julian Yon wrote: Generally it's polite to read the information you've been given before responding at length. As you have not, I don't see much point in continuing trying to help you. Sorry to have to put it like that, but I'm chronically ill and don't appreciate having my time and energy wasted. Julian I'm very sorry to hear that you're ill - so am I. I hope you get to feeling better, if not get over your illness. Best wishes, ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] observation: Browser bundle secure files deletion
On 2011-10-04, Joe Btfsplk joebtfs...@gmx.com wrote: I've thought about TBB it insecurely deleting files such as cache when closing TBB Firefox. I assume this is what happens - I've investigated - a BIT - seems that's what it does. If you have evidence that TBB-Firefox stores sensitive information to disk without a user asking it to, please file a bug report. One of the main design goals of Torbutton was to prevent Firefox from ever writing sensitive information to disk (unless a user has specifically asked it to, e.g. by changing Torbutton's configuration or adding a bookmark to Firefox). See section 1.2 of https://www.torproject.org/torbutton/design/ . *Is this correct?* I can't tell because you didn't tell us what files you think TBB-Firefox writes which contain sensitive information. If true, there's no opportunity to securely wipe the files, rather than them being insecurely deleted - unless I'm mistaken. AFAIK, Tor has no secure wiping capability built in. Neither Tor nor TBB attempts to securely erase files, because most filesystems in use on most operating systems (and many modern storage devices) make securely erasing files infeasible. Don't remember reading in documentation, either that users should be aware of this take appropriate action, or that TBB already handles it securely. Also, no mention of a list of files TBB deletes on shut down, that users might consider the possibility of data being recoverable. TBB should never write sensitive information to disk. TBB must assume that it is safe to create and delete temporary files which do not contain sensitive information within the TBB directory. If true, the only way to wipe any sensitive info (Ex.: so a repressive gov't can't recover info from HDD), would be use a prgm to wipe free space on the partition containing TBB. If it is installed on a flash drive, that could be wiped, but principal is still the same. Programs that wipe free space are rarely able to wipe enough information to be worthwhile. Flash drives cannot be erased reliably at all. Since many users install most everything to C:\ - esp. in Windows (in TBB case, unzip to a folder), then wiping free space process on the OS partition - which MAY be the whole HDD for some users, ALWAYS involves some risk to file(s) corruption. I've never had a disaster wiping free space, but forums like Eraser, CCleaner others are full of posts about the process (apparently) severely damaging the OS. If my assumptions are correct, 1) Have TBB developers considered the issue of some deleted info from sessions, being recoverable? We have. That's why we try hard to not write sensitive information to disk. 2) Other than wiping free space, (which takes time) are there other suggestions for avg users to realistically deal w/ this? It doesn't affect me so much, but in repressive countries, it may warrant consideration. We assume that erasing data written to disk is impossible, because it is infeasible on most filesystems and operating systems and many storage devices. I'd think for users wanting to securely wipe free space, it'd be best to use TBB on flash drive or a small partition on HDD. It's possible ? w/ a proper list of files, the files in question MIGHT be securely deleted BEFORE closing TBB, but many wiping prgms would have problems wiping active files. It probably can be done w/ enough knowledge right tools, but most users aren't aware of steps needed, and would not regularly go to that trouble (or forget). We assume that erasing data written to disk is impossible, because it is infeasible on most filesystems and operating systems and many storage devices. Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Qubes TorVM (and more fun :)
Relevant to a few threads lately: Today, I would like to showcase some of the cool things that one can do with the Qubes networking infrastructure, ... the use of multiple Net VMs for creating isolated networks, the use of a Proxy VM for creating a transparent Tor Proxy VM, as well as [more fun] http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html TAILS + Qubes would be awesome, and more than a little work. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk