On Sun, Nov 15, 2015 at 7:15 AM, Pascal Stumpf <[email protected]> wrote:
> This is exactly one of those scenarios that are extremely dangerous. An
> attacker can trivially expose whistleblowers by inspecting the traffic
> at the reverse proxy's end.

The danger here is that browsers send information related to messages sent in other contexts if the user has used that browser in other contexts. Browsers are deliberately security compromised to support various popular revenue models.

There are some analogous issues having to do with setting up a web server and the leaky nature of development platforms.

But treating this as "extremely dangerous" without offering a path forward means that people need to "roll their own" approaches when faced with related needs. (For example: write one's own web server from scratch, use a Tor browser on a discardable and short-lived machine which isn't used for anything else and which has no non-Tor internetworking capability.)

Is that what you are suggesting here?

Thanks,

--
Raul
