On 2012-04-18, Joseph Lorenzo Hall <joeh...@gmail.com> wrote: > The underlying point is that it would be neat if > you've done a comprehensive analysis of a specific version of Tor, > etc., etc.
No, the underlying point is that I have personally seen wget send my computer's IP address over Tor in an FTP PORT command. wget is not ‘100% safe’. The code to send a PORT command is still present in wget 1.13.4. wget 1.13.4 is not ‘100% safe’; anyone who wants to recommend it needs to specify a particular configuration of wget which is safe. (Don't count on a ‘default configuration’; Linux distributors might have messed with it, or failed to update it to the version shipped in recent wget source distributions.) And that's not even the potential information leak that folks who are familiar with ‘anonymous FTP’ would check for first. Robert Ransom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk