Silk Road forums
Discussion => Security => Topic started by: Cgault on November 10, 2011, 12:54 pm
-
Hey Tor experts! I was looking at my "map of the Tor network" option when I start the Tor browser bundle, and I see under one of the USA nodes: Safebrowsing.Google.com:80
I know this is a beta API for submitting links to check for malware. I am not sure why it's showing up under the node list when I start the Tor client - it tends to go away after a minute or two. At first I thought it was leakage coming from my non-Tor session - but nope! It is definitely tied to the Tor session proxy via 127.0.0.1
Any ideas, experts?
-
It's the search function in the top-right corner of your browser I think.
I know when you put something in there and search it references that link... and of course any mishandled URLs in the address bar will also be redirected.
-
In Firefox:
edit -> preferences -> security -> uncheck block reported attack sites and reported forgeries
Firefox blocks these sites by sending Google every URL you surf to, and then having Google compare it to a list of attack / forged sites. Actually, that is an exaggeration, that is only how it used to work. Now you download the lists from Google and it checks client side, only reporting to Google if you actually went to one of the sites. Of course Google could always say that dkn255hz262ypmii.onion is the URL of an attack site. What's even worse is Google has an ID for you, so if you use the same browser for non-Tor and Tor surfing it could link you based on this and deanonymize you as someone who went to SR at a specific time. I don't think they are doing this particular attack though.
-
11. What is the Enhanced Protection Feature?
If you enable Enhanced Protection, the Google Safe Browsing Extension will provide more up-to-date protection by sending encrypted URLs of sites that you visit and limited information about the site content to Google for evaluation. For information about how we protect your privacy in this and other usage data, please see the Google Privacy Policy.
12. What information is sent to Google when I enable the Enhanced Protection Feature?
When enabled, the entire URL of the site that you're visiting will be securely transmitted to Google for evaluation. In addition, a very condensed version of the page's content may be sent to compare similarities between authentic and forged pages. For example, if the condensed 'fingerprint' of the page you are visiting matches the 'fingerprint' of a popular bank's site but the page's URL is different, that's a good sign that the page you are on is designed to mislead users.
If you disable Enhanced Protection, no information about the pages you visit will be sent to Google unless you visit a page Google Safe Browsing identifies as potentially unsafe. In this case, we will only send the action you choose to take to help refine our anti-phishing algorithms. Please note that enabling Enhanced Protection gives the Google Safe Browsing extension access to the most up-to-date fraud information about each page you visit.
Ah, now you need "Enhanced real time spy on me" for Google to get every single URL you visit with Firefox. But of course they can still get flagged URLs with their current implementation, they just need to add the URL of the site they are interested in to their database of attack sites / forgeries. Last I checked it still sends info to Google when you trigger the client side database, they just don't feed Google every single URL you visit anymore.
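Added example, not part of any post in this thread and not Firefox's or Google's code: a minimal model of the client-side list check described in the two posts above, showing that nothing leaves the browser for an unlisted site while a hit on the local list produces a request. The hostnames, the Client class, the 4-byte SHA-256 prefix format and the simplified host/path expansion are assumptions made for illustration.

```python
import hashlib

PREFIX_LEN = 4  # assumption: 32-bit SHA-256 prefixes, as in hash-prefix block lists


def expressions(host, path):
    """Host-suffix x path combinations looked up for one URL (simplified)."""
    labels = host.split(".")
    hosts = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    return [h + p for h in hosts for p in sorted({"/", path})]


def prefix(expr):
    """Truncated hash of one expression; this is what the local list stores."""
    return hashlib.sha256(expr.encode()).digest()[:PREFIX_LEN]


class Client:
    """Hypothetical browser-side checker; `sent` records what would leave the machine."""

    def __init__(self, local_prefixes):
        self.local = set(local_prefixes)  # list downloaded ahead of time
        self.sent = []

    def check(self, host, path="/"):
        hits = [prefix(e) for e in expressions(host, path)]
        hits = [h for h in hits if h in self.local]
        if hits:
            # A local match triggers a follow-up request carrying the matching
            # prefixes. Whoever put the entry on the list knows which site it
            # stands for, so this request reveals the visit.
            self.sent.append(hits)
        return bool(hits)


def demo():
    client = Client([prefix("flagged.example/")])  # constructed list entry
    ordinary = client.check("ordinary.example", "/page")
    flagged = client.check("www.flagged.example", "/login")
    return ordinary, flagged, client.sent


if __name__ == "__main__":
    ordinary, flagged, sent = demo()
    print("ordinary site matched:", ordinary, "| flagged site matched:", flagged)
    print("requests that left the client:", [[p.hex() for p in r] for r in sent])
```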
-
I believe that these are checked - enabled, as a default in the Tor browsing bundle - why would that be if it's not recommended?
-
I doubt that they are enabled by default in the Tor browsing bundle. Anyway, JavaScript is enabled by default in the Tor browsing bundle, and it isn't suggested that you have it on either. Tor people just know a lot of people require JavaScript. If you don't absolutely need JavaScript you shouldn't have it enabled though, imo.
-
Lazypeepsarebusted - Ha !!!!! That says it all. Thanks