-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > Is there any anonymity / fingerprinting issue(s) w/ extension > shipped w/ TBB auto updating during a Tor session? > > Default setting in TBB in Addons > Extension under drop box, > "Update Add-ons Automatically" is checked. > > Do No Script, HTTPS Everywhere, TorButton automatically update when > the default update selection above is checked & does that pose any > anonymity / fingerprinting issues?
You might be interested in this discussion: https://lists.torproject.org/pipermail/tor-talk/2011-June/020755.html https://lists.torproject.org/pipermail/tor-talk/2011-July/020784.html short version: the exit sees what you are updating (http request) but can't modify it without being detected. regarding the prevention of SSL MITM (compromised CAs and the such) during the update process, you might want to have a look at: https://trac.torproject.org/projects/tor/ticket/3555 the future of key pinning via HTTP headers http://tools.ietf.org/rfcmarkup?doc=draft-ietf-websec-key-pinning-01 -----BEGIN PGP SIGNATURE----- iF4EAREKAAYFAk+xbEkACgkQyM26BSNOM7aJ3AEAnWiVA4+And1x/ThB07dH/p6M Y8KBT51eNVCFKg8GCsgA/AjaTuAsE2tuGhky25py9KCZtqAQsIbKdXQsjAE9U9iD =dlXp -----END PGP SIGNATURE----- _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
