[tor-talk] Adblock Plus and Ghostery should be included in Tor bundle
Joe Btfsplk
joebtfsplk at gmx.com
Mon Feb 13 01:03:36 UTC 2012
On 2/12/2012 3:00 PM, Patrick Mézard wrote:
> For me, a more basic question is whether installing extensions from a
> fresh Tor installed is (sufficiently) safe. I do not know the details
> of the process but it probably involves some HTTPS connections to
> addons.mozilla.org. If the exit node can perform MITM attacks on SSL
> you may end up installing something unwanted. Could the initial setup
> be made safer, for instance by storing digests of addons.mozilla.org
> certificate in Tor bundles at build time and *warn* if they do not
> match (like a specialized Certificate Patrol would do)? Is it already
> addressed in Firefox? --
Can't checking for addons' "check for updates" be unchecked in Aurora /
Firefox Options? As well as for the browser & search plugins? Does
that not solve the problem of some addon connecting to MAO during a Tor
session?
More information about the tor-talk
mailing list