Tor advises users to avoid Windows

Posted on Thursday, Aug 08 2013 @ 11:12 CEST by Thomas De Maesschalck
Tor logo
In a security advisory on its website, Tor advises users to switch away from Windows to ensure anonimity. The advice comes after the discovery of a vulnerability in Firefox that enables hackers (and government agencies) to discover identifying information about Tor users. Full details can be read over here.
WHAT TO DO:
First, be sure you're running a recent enough Tor Browser Bundle. That should keep you safe from this attack.

Second, be sure to keep up-to-date in the future. Tor Browser Bundle automatically checks whether it's out of date, and notifies you on its homepage when you need to upgrade. Recent versions also add a flashing exclamation point over the Tor onion icon. We also post about new versions on the Tor blog: https://blog.torproject.org/

Third, realize that this wasn't the first Firefox vulnerability, nor will it be the last [10]. Consider disabling JavaScript (click the blue "S" beside the green onion, and select "Forbid Scripts Globally"). Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect. A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings [11]. You might also like Request Policy [12]. And you might want to randomize your MAC address, install various firewalls, etc.

Fourth, consider switching to a "live system" approach like Tails [13]. Really, switching away from Windows is probably a good security move for many reasons.

And finally, be aware that many other vectors remain for vulnerabilities in Firefox. JavaScript is one big vector for attack, but many other big vectors exist, like css, svg, xml, the renderer, etc. We need help improving usability of (and doing more security analysis of) better sandboxing approaches [14] as well as VM-based approaches like Whonix [15] and WiNoN [16]. Please help!


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments