Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Browser Security Under Scrutiny

Posted by Soulskill on from the shouldn't-we-be-funding-this-better dept.

msm1267 writes: The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool. The results (PDF) were a bit eye-opening since the report's recommendations don't favor Firefox as a baseline for Tor, rather Google Chrome. But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.

3 of 80 comments (clear)

  1. Why not work with Mozilla by Virtucon · · Score: 4, Interesting

    Why not work with Mozilla to address the issues? What about Chromium? I'd put the brakes on anything Google does with Chrome. Their ever-shifting policies have meant that it's no longer a preferred solution to our clients and to my customers. These aren't minor issues either since Google has been building their own walled garden, something a lot of FOSS and Commercial Software organizations won't support. Firefox at least for now, is void of these issues and is much friendlier to the community as a whole.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:Why not work with Mozilla by wbr1 · · Score: 5, Interesting
      Chrome/chromium on windows uses the Windows Crypto API to install and verify certs. This bypasses the TOR proxy and allows for a MITM attack with no user knowledge. Changing this requires more work then what they have to do with FF.

      My questions are thus... why not move to a model where the entire OS is forced through the tor proxy, This could be done with the use of a dummy network adapter and disabling the current adapter while tor is in use. Yes it would likely break certain OS features during that time, but there it is.

      TFA also discusses putting a dumbed down security 'slider' on the browser, but still the default is to allow JIT/JS. Currently you have noscript installed, but not turned off in a fresh install. A few lines of JS is enough to identify an IP or fingerprint more of the system. The default should be most secure with warnings to open it up. Period. At install time you already explin that things do not work like you are used to and then allow the user to decide to reduce security. Anything else provides an illusion of security to a naive user, but still allows an adversary easy means of detection.

      --
      Silence is a state of mime.
  2. Re:Not surprising... by Applehu+Akbar · · Score: 5, Insightful

    I feel the same way about Tor as I do about DuckDuckGo: if I were paranoid enough to use it, I would be paranoid enough to wonder how it gets along without a business model.