I'm seeking some opinions on best practices for creating web pages with Tor
users in mind. Specifically for the Tor Map Project, though I don't think it
really matters.
I know flash, javascript, and cookies can all be used to compromise
anonymity. I have no intention of using these in such a
on a more general note: Does anyone actually have an example of how
javascript can compromise your anonymity? Not it can obtain your IP-type
stuff, but actual code.
I have yet to see an example of pure JavaScript code that can read an
end-user's IP address. Any code I've seen returns either localhost or
127.0.0.1.
That's kind of the conclusion I've reached, though I'm far from an expert.
So, if it can't read the IP, why is it a security risk? Because
http://socialistsushi.com/tormap/
very preliminary, and no real capability for looking around.
I've taken up the task creating a map of tor routers. I have a test image up
at http://socialistsushi.com/tor.png
So far I have a mapserver and data on tor routers in a postgis database, so
I can produce images like the one above. Now that I've figured that out, I'd
like some comments on how I
Neat; if you're going to check more often than that, I'd suggest that
you run a Tor client and look in its cache instead.
Is there a reason to check more often than that?
Neat stuff! Keeping historical data might also be cool, so you could
see how the network's geography changed over
Another things to consider, since you're going to be doing so much
checking is to instead of just running a tor client, running an
authoritative directory server. If you don't want to deal with all the
traffic, you can just set it to only allow local connections and not
adversite. Another
On 2/2/07, James Muir [EMAIL PROTECTED] wrote:
Just curious -- how does ssh inform you that a man-in-the-middle (i.e.
the exit node) is trying to victimize you?
ssh complains that the server's key has changed. I've had it happen a few
times
In any case, ssh public keys are self-created and are not validated by
TTPs. So, the very first time you connect to the server I don't think
you would be able to detect a mitm attack.
unless you knew the key's fingerprint. Otherwise, no, you wouldn't detect
it. Until the next time you
Someone reported similar behavior a while back, so I figured I'd mention this:
yesterday while using ssh over tor, ssh complained loudly that the key
on the remote server had changed. I knew it had not. I canceled the
operation, tried again, and everything worked as normal.
The key fingerprint
10 matches
Mail list logo
