[tor-bugs] #2634 [Tor bundles/installation]: unable to use windows update functionality with tor enabled
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 6 06:39:56 UTC 2013
#2634: unable to use windows update functionality with tor enabled
-----------------------------------------+----------------------------------
Reporter: marshall_banana | Owner: erinn
Type: defect | Status: closed
Priority: normal | Milestone: Tor: unspecified
Component: Tor bundles/installation | Version: Vidalia 0.2.10
Resolution: wontfix | Keywords:
Parent: | Points:
Actualpoints: |
-----------------------------------------+----------------------------------
Comment(by badon):
Replying to [comment:1 rransom]:
> Internet Explorer is not safe to use with Tor. Use Firefox with
Torbutton instead.
I registered just to comment on this. Actually, nothing is safe to use
with Tor. To deter advanced users from using anything other than Firefox
with Torbutton (replaced by the Tor Browser Bundle) is ignorant of use
cases that can benefit from Tor that don't involve mundane web browsing.
For example, if a whistleblower needed to hide his location, but still use
a computer + LAN to continue his work, Tor Browser Bundle would not be
adequate, and his location would be quickly targeted by a drone missile as
soon as he tries to run Windows Update.
The most common use case is anonymity, which the Tor Browser Bundle tries
to server, and the Tor Project discourages novices from trying to do
anything else with Tor. But, for people with other use cases, and arguably
more important ones like the aforementioned whistleblower, there is a way
to make Tor reasonably safe for the minimum of hiding a location. I wrote
an article titled "10 steps to make Tor safer with pfSense", here:
https://www.livebusinesschat.com/smf/index.php?topic=5410.0
Essentially, the only thing that setup attempts to do is block anything
that's not going through a Tor bridge. Using a bridge conceals Tor usage,
which will make it harder for an adversary to narrow down someone's
location just by looking for Tor users. From there, anything that needs to
be used will fail safe instead of fail deadly. Instead of Windows Update
luring the bad guys to your base on the moon, it simply won't work until
it is configured correctly.
I just did a startpage.com search for the follow:
"windows update" tor
...and it brought me here in the first 2 results. Clearly, there is need
for more than just basic anonymity when web browsing, especially for a
person who is not anonymous, and possibly already vulnerable to being
targeted. Simply because there's some web browser that's better than some
other web browser is not a legitimate reason to close this bug as wontfix
- that's not the issue here! Although this may not be a problem the Tor
Project can solve via a bug report on Tor, but certainly it is solvable,
and shouldn't be dismissed so abruptly.
I'm looking for a solution myself, and I'm surprised at how difficult this
is. Not even Proxifier can reroute Windows Update traffic through a proxy,
but lucky for me, pfSense blocked it from revealing my location. Dare I
say that Windows Update is DESIGNED to be a tool for locating people?
marshall_banana, if you can discuss this issue elsewhere away from the Tor
bug tracking system, let's do.
Note: pfSense blocks Tor Browser Bundle's DNS leak bug, which could have
been catastrophic for some people. pfSense might be something that ought
to be recommended together with TBB, if you want TBB to be safe, or at
least safer.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2634#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list