[tor-dev] Proposal: Integration of BridgeFinder and BridgeFinderHelper (on-disk Data protection)
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Tue Mar 27 10:33:11 UTC 2012
On 3/27/12 12:09 PM, Robert Ransom wrote:
> It's not a typo. Those BridgeFinderHelpers MUST NOT be installed
> unless the user has explicitly permitted that they be installed. Even
> if the user has explicitly permitted that a BridgeFinderHelper be
> installed and write data to disk, it SHOULD NOT write data to disk if
> that is not absolutely necessary.
It arise to my mind the idea discussed to provide a Tor HS Data support
with some specific level of protection in the hands of the Tor operator:
http://www.mail-archive.com/tor-dev@lists.torproject.org/msg00855.html
It was an idea to protect Tor HS but it may be extended as a general
concept for *ALL* tor related data.
Fitting everything into sqlite database protected with sqlcipher (or
other methods) that ask the user for a password, would probably mitigate
this issue and a lot of other ones that are under the hood.
-naif
More information about the tor-dev
mailing list