mtsio writes: > If you to Preferences->Applications->Portable Document Format there is > the option 'Preview in Tor Browser' that opens the PDF without opening > an external application. What's the problem with that?
There are two kinds of risks that lead to the suggestion not to view documents like PDFs inside your Tor Browser (or even not on the same machine) -- exploits and IP address leaks. The first risk is that sometimes there are software bugs in application and viewer software that would allow someone who knew about the bugs to take over your computer by constructing an invalid input file that exploits the bug and then getting you to render the file. So in that case, someone could, for example, make an invalid PDF that exploits a bug in the PDF renderer in your browser, and get you to view it somehow, and then take over the browser. The other is that many formats can cause software to make Internet requests (for example, it's possible to embed image links in a Word document so that a Word viewer will go and download those images). Here, the concern is that if the software makes some kind of network request when displaying the document, whoever is on the other end may see that request coming directly over the Internet -- not via Tor -- and connect the request with your Tor activity. So, some cautious Tor users advise copying all downloaded files onto a different computer that's not connected to the Internet, or at least inside of a virtual machine with no direct Internet access, and viewing them there. I don't know of specific cases in which people have deliberately used these approaches to identify anonymous Tor users, but it's something that's been discussed, and there _is_ a high rate of malware and tracking links hidden inside e-mail attachments. I liked the anecdote (which I've seen in a few places) that Tibetan Buddhists who've received a lot of malware are now practicing a new "non-attachment principle". https://www.yahoo.com/tech/hit-by-cyberattacks-tibetan-monks-learn-to-be-wary-of-102361885314.html -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk