Roger: > On Sat, Nov 23, 2013 at 07:35:54AM +1000, Katya Titov wrote: >> The advantage that I see is that is there is no way to directly >> access a .onion site without using Tor, so it is a clear indicator >> that Tor is in use, visible to the user. > > Not necessarily. Imagine a local network attacker who sees your > request for a .onion address go out on the local network, and then > supplies you with a DNS answer and then a webpage when you ask for > one. Now you're not using Tor, but you think you are.
But if we're talking about TBB then a local network attacker should never see the request, just the resultant Tor traffic. Unless my understanding is very off. > Now, it's harder for them to do that with > https://check.torproject.org/ because of the https part, but the > attacker could just recognize requests for check and route them > through Tor, so the check page will congratulate you on using Tor > when you're mostly not. > > The correct answer is for TBB to do some self-tests of its proxy > settings, and not ask the big bad scary internet. I certainly agree here, but I'm also a visual person. I use the Network Map a lot to see that the traffic is passing through Tor. (This is one of my issues with the 3.0 series - no Network Map. I've had a look at writing FF plugins but they seem beyond my ability, or at least require more time than I have available at the moment.) I guess that some way to internally ensure that it is indeed using Tor as well as a visual cue would be nice. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk