Silk Road forums
Discussion => Silk Road discussion => Topic started by: hearing on September 27, 2011, 05:50 am
-
Users can currently set the avatar image to load from an external, possibly open-web URL. This leaks information about forum users both to Tor exit nodes and the external site. I request that this feature be disabled.
For example, go to this thread on the forum: http://dkn255hz262ypmii.onion/index.php?topic=3256.0
You'll notice your browser connecting to www.royalmarinesonline.com. That's because the user "Serguei" has an avatar hosted on this domain.
-
I agree with you. I don't like the site requesting info off other web servers. However, doesn't using the Tor network and browser (Aurora) keep you anonymous anyway? If the external web server logs an IP, which it probably does, it'll be a random Tor IP anyway.
packet
-
Switch off all avatars period. Fuck them, we do not need them. Only children use them anyway.
-
Lovely pict, isn't it? :)
I wonder when someone will start using some picture they found on some police website. If you can see your browser connect there, that would freak so many people hahaha!
-
I agree. It is theoretically possible to identify us by doing a correlation attack this way, though it would be very difficult to accomplish. Still, better safe than sorry, we should just host all avatars on SR servers.
This is pretty low on my list of security enhancements SR should make though.
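
The leak raised in the opening post can be audited from the served HTML. The following is an added example, not part of the original thread or of the forum's software: it lists every image a page would make the browser fetch from a host other than the forum's own. The page URL, the markup and the host names in the sample are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def external_image_hosts(page_url, html):
    """Return {host: [urls]} for images fetched from a host other than the page's own."""
    own_host = (urlsplit(page_url).hostname or "").lower()
    parser = ImgCollector()
    parser.feed(html)
    found = {}
    for src in parser.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            continue  # data: URIs and similar trigger no network request
        host = (parts.hostname or "").lower()
        if host and host != own_host:
            found.setdefault(host, []).append(absolute)
    return found


# Constructed sample: one locally hosted avatar, two external ones,
# one absolute URL pointing back at the forum itself, one inline image.
SAMPLE_PAGE_URL = "http://forumexample.onion/index.php?topic=1.0"
SAMPLE_HTML = """
<div class="post"><img class="avatar" src="/avatars/local_user.png"> hello</div>
<div class="post"><img class="avatar" src="http://images.example.com/a/user2.jpg"> hi</div>
<div class="post"><img class="avatar" src="//cdn.example.net/u3.gif"> hey</div>
<div class="post"><img class="avatar" src="http://FORUMEXAMPLE.onion/avatars/u4.png"></div>
<div class="post"><img src="data:image/png;base64,AAAA"></div>
"""

if __name__ == "__main__":
    for host, urls in external_image_hosts(SAMPLE_PAGE_URL, SAMPLE_HTML).items():
        print(host, urls)
```

An empty result for a page means every avatar on it is served by the forum's own host, which is the state the last reply asks for.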