commit 4a9383538bde6935c90fb4d36d98147f84650d04 Author: Sebastian Hahn <sebastian@torproject.org> Date: Mon Jul 6 03:40:25 2015 +0200 remove some decloak.net links (site is offline) --- docs/torbutton/en/design/design.xml | 12 ++++++------ docs/torbutton/en/design/index.html.en | 8 ++++---- projects/torbrowser/design/index.html.en | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/torbutton/en/design/design.xml b/docs/torbutton/en/design/design.xml index d50f267..1231841 100644 --- a/docs/torbutton/en/design/design.xml +++ b/docs/torbutton/en/design/design.xml @@ -172,9 +172,9 @@ investigated is also capable of performing network activity independent of browser proxy settings - and often independent of its own proxy settings. Sites that have plugin content don't even have to be malicious to obtain a user's -Non-Tor IP (it usually leaks by itself), though <ulink -url="http://decloak.net">plenty of active -exploits</ulink> are possible as well. In addition, plugins can be used to store unique identifiers that are more +Non-Tor IP (it usually leaks by itself), though +plenty of active +exploits are possible as well. In addition, plugins can be used to store unique identifiers that are more difficult to clear than standard cookies. <ulink url="http://epic.org/privacy/cookies/flash.html">Flash-based cookies</ulink> fall into this category, but there are likely numerous other @@ -1181,8 +1181,8 @@ url="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/con url="http://java.sun.com/j2se/1.5.0/docs/api/java/net/class-use/NetworkInterface.html">can query</ulink> the <ulink url="http://www.rgagnon.com/javadetails/java-0095.html">local IP address</ulink> and report it back to the -remote site. They can also <ulink -url="http://decloak.net">bypass proxy settings</ulink> and directly connect to a +remote site. They can also +>bypass proxy settings and directly connect to a remote site without Tor. Every browser plugin we have tested with Firefox has some form of network capability, and every one ignores proxy settings or worse - only partially obeys them. This includes but is not limited to: @@ -2696,7 +2696,7 @@ testing, and also in the hope that some brave soul will one day decide to combine them into a comprehensive automated test suite. <orderedlist> - <listitem><ulink url="http://decloak.net/">Decloak.net</ulink> + <listitem>Decloak.net (defunct) <para> Decloak.net is the canonical source of plugin and external-application based diff --git a/docs/torbutton/en/design/index.html.en b/docs/torbutton/en/design/index.html.en index 82ecd64..8053d49 100644 --- a/docs/torbutton/en/design/index.html.en +++ b/docs/torbutton/en/design/index.html.en @@ -95,8 +95,8 @@ investigated is also capable of performing network activity independent of browser proxy settings - and often independent of its own proxy settings. Sites that have plugin content don't even have to be malicious to obtain a user's -Non-Tor IP (it usually leaks by itself), though <a class="ulink" href="http://decloak.net" target="_top">plenty of active -exploits</a> are possible as well. In addition, plugins can be used to store unique identifiers that are more +Non-Tor IP (it usually leaks by itself), though plenty of active +exploits are possible as well. In addition, plugins can be used to store unique identifiers that are more difficult to clear than standard cookies. <a class="ulink" href="http://epic.org/privacy/cookies/flash.html" target="_top">Flash-based cookies</a> fall into this category, but there are likely numerous other @@ -636,7 +636,7 @@ callback <code class="function">torbutton_prefs_test_settings()</code> in <a cla </p></div></div><div class="sect2" title="5.2. Dynamic Content Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2686645"></a>5.2. Dynamic Content Settings</h3></div></div></div><div class="sect3" title="Disable plugins on Tor Usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="plugins"></a>Disable plugins on Tor Usage (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_tor_plugins</strong></span></p><p>Java and plugins <a class="ulink" href="http://java.sun.com/j2se/1.5.0/docs/api/java/net/class-use/NetworkInterface...." target="_top">can query</a> the <a class="ulink" href="http://www.rgagnon.com/javadetails/java-0095.html" target="_top">local IP address</a> and report it back to the -remote site. They can also <a class="ulink" href="http://decloak.net" target="_top">bypass proxy settings</a> and directly connect to a +remote site. They can also bypass proxy settings and directly connect to a remote site without Tor. Every browser plugin we have tested with Firefox has some form of network capability, and every one ignores proxy settings or worse - only partially obeys them. This includes but is not limited to: @@ -1309,7 +1309,7 @@ individually. They are provided here for reference and future regression testing, and also in the hope that some brave soul will one day decide to combine them into a comprehensive automated test suite. - </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><a class="ulink" href="http://decloak.net/" target="_top">Decloak.net</a><p> + </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">Decloak.net (defunct)<p> Decloak.net is the canonical source of plugin and external-application based proxy-bypass exploits. It is a fully automated test suite maintained by <a class="ulink" href="http://digitaloffense.net/" target="_top">HD Moore</a> as a service for people to diff --git a/projects/torbrowser/design/index.html.en b/projects/torbrowser/design/index.html.en index 9ba583d..fe90ad9 100644 --- a/projects/torbrowser/design/index.html.en +++ b/projects/torbrowser/design/index.html.en @@ -595,7 +595,7 @@ connections are not attempted, through the proxy or otherwise (Tor does not yet support IPv6). We have also verified that external protocol helpers, such as SMB URLs and other custom protocol handlers are all blocked. - </p></li><li class="listitem"><span class="command"><strong>Disabling plugins</strong></span><p>Plugins have the ability to make arbitrary OS system calls and <a class="ulink" href="http://decloak.net/" target="_top">bypass proxy settings</a>. This includes + </p></li><li class="listitem"><span class="command"><strong>Disabling plugins</strong></span><p>Plugins have the ability to make arbitrary OS system calls and bypass proxy settings. This includes the ability to make UDP sockets and send arbitrary data independent of the browser proxy settings. </p><p> @@ -2088,4 +2088,4 @@ not directly provide the link sharing capabilities that Web-Send does, it is a better solution to the privacy issues associated with federated login than Web-Send is. - </p></li></ol></div></div></div></div></body></html> \ No newline at end of file + </p></li></ol></div></div></div></div></body></html>