Hacker News new | past | comments | ask | show | jobs | submit login

Security is in the eye of the application. Unauthenticated editing isn't an exploit on Wikipedia but it would be on the CDC's website

In this case the fact that a user is using tor is considered protected information meaning any exposure of that is in fact a info leak vulnerability




The "fact that a user is using Tor" is not discussed in the post. There is zero connection between how Tor nodes generate their TLS certificates and whether or not you can detect that a user is using Tor. All you can do with this information (which is not a secret but a well-discussed tradeoff with no better option) is to identify Tor relays, which are already public.


tor will never be secure if you're running js enabled. trying to achiveve that is way out of scope of the project:

https://support.torproject.org/tbb/tbb-34/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: