On Mon, 28 Feb 2011 15:02:40 -0500
thecarp <thecarp@xxxxxxxxx> wrote:

> After the whole discussion about "gatereloaded" and "badexits" I was
> thinking a bit about the discussion and wondering if there is a way to
> add a bit more protection to people who are, well, newbs. As one article
> pointed out:
>
> "many who use Tor mistakenly believe it is an end-to-end encryption
> tool. As a result, they aren't taking the precautions they need to take
> to protect their web activity. "
>
> This is a similar, but not exactly the same problem. Clearly blocking
> all port 80 would be pretty harmful to a lot of use. However, for
> protocols like pop3 or imap, the case for allowing them is clearly not
> as strong, though, the case for banning them completely or requiring
> exit nodes to carry both is... pretty dubious (especially given that
> some people will run things on non-standard ports anyway).

Connections to the plaintext POP3 and IMAP ports may be secured using
the STARTTLS command.

> So here is my thought, what do people think of a configuration item in
> tor, setup to be "on" by default, which blocks attempts to go to certain
> ports at the proxy level, but allows users to turn this "protection" off
> if they wish to? Maybe make the list of blocked ports configurable.

This enables attacks against users' anonymity -- for example, a web page
at <http://evil-site.example.com:80/> could include
<http://evil-site.example.com:110/foo.png> as an inline image to
distinguish users who have configured their Tor client to allow
connections to port 110 from those who have not.

Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
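The partitioning concern raised in the reply above can be quantified with a small model. This is an added example, not part of the original thread and not Tor code; the client names, the blocklists, and the `DEFAULT` port set are constructed assumptions used only to show how a user-configurable client-side blocklist splits one anonymity set into several.

```python
from collections import defaultdict
from math import log2

def observable(blocked_ports, probe_ports):
    """Per probed port: did this client's proxy let the request out?
    This vector is all a remote page can learn about the blocklist."""
    return tuple(p not in blocked_ports for p in probe_ports)

def partition(clients, probe_ports):
    """Group clients by observable vector; each group is one anonymity set."""
    groups = defaultdict(list)
    for name, blocked in clients.items():
        groups[observable(blocked, probe_ports)].append(name)
    return dict(groups)

def identifying_bits(clients, probe_ports):
    """Shannon entropy of the partition: average bits leaked per client."""
    n = len(clients)
    sizes = [len(g) for g in partition(clients, probe_ports).values()]
    return -sum(s / n * log2(s / n) for s in sizes)

# Constructed population (assumption): a hypothetical default blocklist of
# the plaintext POP3 (110) and IMAP (143) ports.
DEFAULT = frozenset({110, 143})

# Everyone runs the default: the blocklist reveals nothing.
UNIFORM = {f"u{i}": DEFAULT for i in range(8)}

# Same population after three users edit the list.
MIXED = dict(
    UNIFORM,
    u5=frozenset(),                # turned the protection off
    u6=frozenset({143}),           # re-enabled POP3 only
    u7=frozenset({110, 143, 21}),  # added FTP to the list
)

if __name__ == "__main__":
    for label, pop in (("uniform", UNIFORM), ("mixed", MIXED)):
        for probes in ([110, 143], [110, 143, 21]):
            sets = sorted(len(g) for g in partition(pop, probes).values())
            bits = identifying_bits(pop, probes)
            print(f"{label:8} probes={probes} set sizes={sets} bits={bits:.3f}")
```

In this model a fixed, non-configurable list keeps every client in one bucket, while each distinct user-edited list creates a new bucket that shrinks the anonymity set of the users in it.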