Firefox+TOR+Fed=Your busted

[BBA]

Yep, because Firefox is so secure...
http://www.wired.com/threatlevel/2013/08/freedom-hosting/


http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

Don't know how [H] news missed this but, looks like the gov is on the payroll of the MPAA.RIAA and what ever...so if you think you are going anon with Firefox...think again.

 

[Ryokurin]

Actually the problem was fixed in Firefox months ago and if you did some research it specifically targeted ESR 17, which is what the TOR browser is based on.

It's also been known for years that TORs biggest issue is the capturing of sensitive information and evidence of your true IP from exit nodes. This is why you are advised to turn off all plugins if you are trying to browse anonymously. TORs is good to make it harder to determine who you are, not to completely make you anonymous.

There's been evidence that's popped up time to time of several governments running exit nodes on the sly for years.

 

[eof]

It's actually fairly easy to also deanonymize Tor-services without compromising the host. A pretty good talk about this was given at the Oakland conference this year. The paper is the following:

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization, Alex Biryukov (University of Luxembourg), Ivan Pustogarov (University of Luxembourg), and Ralf-Philipp Weinmann (University of Luxembourg)

Since it's an IEEE conference, the article is paywalled unless you are at a university. Long story short: with lots of resources you can pretty quickly narrow down the real identity of someone on the Tor network.