| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by MrStonedOne 2150 days ago
	Security is in the eye of the application. Unauthenticated editing isn't an exploit on Wikipedia but it would be on the CDC's website In this case the fact that a user is using tor is considered protected information meaning any exposure of that is in fact a info leak vulnerability

2 comments

rendx 2150 days ago

The "fact that a user is using Tor" is not discussed in the post. There is zero connection between how Tor nodes generate their TLS certificates and whether or not you can detect that a user is using Tor. All you can do with this information (which is not a secret but a well-discussed tradeoff with no better option) is to identify Tor relays, which are already public.

link

modzu 2150 days ago

tor will never be secure if you're running js enabled. trying to achiveve that is way out of scope of the project:

https://support.torproject.org/tbb/tbb-34/

link