On 07/22/11 08:14, Achter Lieber wrote: > ----- Original Message ----- From: [email protected] Sent: > 07/10/11 08:55 PM To: [email protected] Subject: > [tor-talk] Downloading Firefox add-ons trough Tor. Safe? > > I'm having a laptop that is Tor only, so it never connects to the > internet without going trough Tor. Someone wrote that malicious Tor > exit nodes may modify your downloads. So when I need to install the > recommended plug-ins for Firefox, like TorButton and NoScript, and I > do that trough the Tor network, is that safe? Thanks for help! :)
Given the add-ons are updated via SSL, it is reasonably safe as long as you check your certs for possible MIM attack using a "low integrity" CA. Some folks will delete all of the authorities distributed with Firefox and Thunderbird, and then add certs one at a time - validating each. This is pretty easy with Thunderbird (only a few mail accounts); a PITA for FF. Another promising - not perfected for TB - way is using Certificate Patrol. It will popup and warn you if the cert (e.g. for https//addons.mozilla.org) has mysteriously changed. <https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/versions/> _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
