Re: Torbutton Documentation - Adversary Capabilities.

2010-07-15 Thread Mike Perry
Thus spake Matthew (pump...@cotse.net): So to go back to the OP's question (my question)what do people think of my questions about JavaScript being able to obtain non-Tor IPs when wiping the cache? If you are also restarting the browser, or closing all windows, you are probably safe

Re: Torbutton Documentation - Adversary Capabilities.

2010-07-14 Thread Matthew
So to go back to the OP's question (my question)what do people think of my questions about JavaScript being able to obtain non-Tor IPs when wiping the cache? On 13/07/2010, at 6:47 AM, Matthew wrote: Hello, I have been reading the Torbutton documentation (thanks, guys) and have a

Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

2010-07-14 Thread Anon Mus
Paul Syverson wrote: On Tue, Jul 13, 2010 at 05:30:27PM +0100, Anon Mus wrote: Paul Syverson wrote: Tor doesn't do any batching or delaying. This is just another way you could be identified by timing attacks. Tor provides no resistance to timing attacks, and so far there are no

RE: Torbutton Documentation - Adversary Capabilities.

2010-07-14 Thread downie -
Date: Wed, 14 Jul 2010 22:26:26 +0100 From: pump...@cotse.net To: or-talk@freehaven.net Subject: Re: Torbutton Documentation - Adversary Capabilities. So to go back to the OP's question (my question)what do people think of my questions about JavaScript being able to obtain non-Tor

Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

2010-07-14 Thread Paul Syverson
On Thu, Jul 15, 2010 at 12:53:50AM +0100, Anon Mus wrote: Paul Syverson wrote: On Tue, Jul 13, 2010 at 05:30:27PM +0100, Anon Mus wrote: Paul Syverson wrote: And just as there is no such thing as a secure system---only systems secure against a given adversary conducting a given

Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

2010-07-13 Thread John Barker
On this subject. I assume that all javascript requests actually use your browsers HTTP/socket engines - therefore although javascript is able to send network requests, they'll still be going through Tor. This means that you could be identified by timing attacks, a particular sequence of

Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

2010-07-13 Thread Paul Syverson
On Tue, Jul 13, 2010 at 03:30:57PM +0800, John Barker wrote: On this subject. I assume that all javascript requests actually use your browsers HTTP/socket engines - therefore although javascript is able to send network requests, they'll still be going through Tor. This means that you

Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

2010-07-13 Thread Paul Syverson
On Tue, Jul 13, 2010 at 05:30:27PM +0100, Anon Mus wrote: Paul Syverson wrote: Tor doesn't do any batching or delaying. This is just another way you could be identified by timing attacks. Tor provides no resistance to timing attacks, and so far there are no countermeasures that have been