Hey everybody, I want to announce that our server is up again.
Thank you all for your suggestions, we're opening issues for each one in the Github repository. I want to thank David Fifield for reporting us the security issue.
Regarding the stored website's url information, we're evaluating the insertion of a checkbox that allows the user to choose if he/she wants to send it or not.
2017-03-15 18:47 GMT+01:00 Philipp Winter phw@nymity.ch:
On Fri, Mar 10, 2017 at 06:25:04PM +0100, Massimo La Morgia wrote:
On Fri, Mar 10, 2017 at 5:39 PM, David Fifield david@bamsoftware.com
wrote:
Your extension reports not only the onion domains that it finds, but also the URL of the page you were browsing at the time: var onionsJson = JSON.stringify({onions:onions, website: window.location.href}); You need to at least inform your research subjects/users what of their private data you are storing and what you are doing with it.
As you can see from the source code we are not storing any sensitive data like ip or users information. do you think that only URL page can damage user privacy?
Yes, web applications encode sensitive information in URLs all the time. Usernames, passwords, personal preferences, you name it. Even just the page's domain name reveals a lot about you -- think about somebody visiting google.it versus google.dk. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev