[or-cvs] r16286: Maintenance French Translation (in website/trunk: fr torbutton/fr)
mfr at seul.org
mfr at seul.org
Thu Jul 31 07:09:47 UTC 2008
Author: mfr
Date: 2008-07-31 03:09:46 -0400 (Thu, 31 Jul 2008)
New Revision: 16286
Modified:
website/trunk/fr/documentation.wml
website/trunk/fr/download-unix.wml
website/trunk/fr/download.wml
website/trunk/torbutton/fr/index.wml
Log:
Maintenance French Translation
Modified: website/trunk/fr/documentation.wml
===================================================================
--- website/trunk/fr/documentation.wml 2008-07-31 06:45:46 UTC (rev 16285)
+++ website/trunk/fr/documentation.wml 2008-07-31 07:09:46 UTC (rev 16286)
@@ -1,5 +1,5 @@
## translation metadata
-# Based-On-Revision: 15123
+# Based-On-Revision: 16280
# Last-Translator: mfr(ät]misericordia.be, fredzupy at gmail.com
@@ -231,7 +231,7 @@
<li><a href="<svnsandbox>">Bac à sable SVN (sandbox) régulièrement mis à jour</a></li>
<li><a href="https://svn.torproject.org/svn/tor/trunk">Parcourir le répertoire du dépôt SVN directement</a></li>
<li><a href="http://cvs.seul.org/viewcvs/viewcvs.cgi/?root=Tor">Voir le CVS</a></li>
- <li>accès anonyme à <a href="http://subversion.tigris.org/">subversion :</a>
+ <li><a href="http://subversion.tigris.org/">Subversion :</a>
<ul>
<li>Créez un répertoire vide et placez-vous dans ce répertoire.</li>
<li><kbd>svn checkout https://tor-svn.freehaven.net/svn/tor/trunk tor</kbd></li>
Modified: website/trunk/fr/download-unix.wml
===================================================================
--- website/trunk/fr/download-unix.wml 2008-07-31 06:45:46 UTC (rev 16285)
+++ website/trunk/fr/download-unix.wml 2008-07-31 07:09:46 UTC (rev 16286)
@@ -1,5 +1,5 @@
## translation metadata
-# Based-On-Revision: 15961
+# Based-On-Revision: 16278
# Last-Translator: mfr(ä]misericordia.be, eightone_18 @yahoo.co.uk
#include "head.wmi" CHARSET="UTF-8" TITLE="Tor : Télécharger pour Linux/Unix"
@@ -49,8 +49,7 @@
</td>
<td>
<a href="<package-rpm4-alpha>"><version-rpm4-alpha> RPM</a> (<a
-href="<package-rpm4-alpha-sig>">sig</a>)<br />
-<a href="<package-rpm4-021>"><version-rpm4-021> RPM</a> (<a href="<package-rpm4-021-sig>">sig</a>)
+href="<package-rpm4-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">instructions Linux/BSD/Unix</a>
@@ -65,8 +64,7 @@
</td>
<td>
<a href="<package-srpm4-alpha>"><version-rpm4-alpha> SRPM</a> (<a
-href="<package-srpm4-alpha-sig>">sig</a>)<br />
- <a href="<package-srpm4-021>"><version-rpm4-021> SRPM</a> (<a href="<package-srpm4-021-sig>">sig</a>)
+href="<package-srpm4-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">Linux/BSD/Unix instructions</a>
@@ -80,8 +78,7 @@
</td>
<td>
<a href="<package-rpm5-alpha>"><version-rpm5-alpha> RPM</a> (<a
-href="<package-rpm5-alpha-sig>">sig</a>)<br />
- <a href="<package-rpm5-021>"><version-rpm5-021> RPM</a> (<a href="<package-rpm5-021-sig>">sig</a>)
+href="<package-rpm5-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>
@@ -97,8 +94,7 @@
<td>
<a href="<package-srpm5-alpha>"><version-rpm5-alpha> SRPM</a> (<a
-href="<package-srpm5-alpha-sig>">sig</a>)<br />
- <a href="<package-srpm5-021>"><version-rpm5-021> SRPM</a> (<a href="<package-srpm5-021-sig>">sig</a>)
+href="<package-srpm5-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>
@@ -112,8 +108,7 @@
</td>
<td>
<a href="<package-rpmfc-alpha>"><version-rpmfc-alpha> RPM</a> (<a
-href="<package-rpmfc-alpha-sig>">sig</a>)<br />
- <a href="<package-rpmfc-021>"><version-rpmfc-021> RPM</a> (<a href="<package-rpmfc-021-sig>">sig</a>)
+href="<package-rpmfc-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>
@@ -127,8 +122,7 @@
</td>
<td>
<a href="<package-srpmfc-alpha>"><version-rpmfc-alpha> SRPM</a> (<a
-href="<package-srpmfc-alpha-sig>">sig</a>)<br />
- <a href="<package-srpmfc-021>"><version-rpmfc-021> SRPM</a> (<a href="<package-srpmfc-021-sig>">sig</a>)
+href="<package-srpmfc-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>
@@ -143,8 +137,7 @@
</td>
<td>
<a href="<package-rpmsuse-alpha>"><version-rpmsuse-alpha> RPM</a> (<a
-href="<package-rpmsuse-alpha-sig>">sig</a>)<br />
- <a href="<package-rpmsuse-021>"><version-rpmsuse-021> RPM</a> (<a href="<package-rpmsuse-021-sig>">sig</a>)
+href="<package-rpmsuse-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">instructions Linux/BSD/Unix</a>
@@ -159,8 +152,7 @@
</td>
<td>
<a href="<package-srpmsuse-alpha>"><version-rpmsuse-alpha> SRPM</a> (<a
- href="<package-srpmsuse-alpha-sig>">sig</a>)<br />
- <a href="<package-srpmsuse-021>"><version-rpmsuse-021> SRPM</a> (<a href="<package-srpmsuse-021-sig>">sig</a>)
+ href="<package-srpmsuse-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-unix>">instructions Linux/BSD/Unix</a>
Modified: website/trunk/fr/download.wml
===================================================================
--- website/trunk/fr/download.wml 2008-07-31 06:45:46 UTC (rev 16285)
+++ website/trunk/fr/download.wml 2008-07-31 07:09:46 UTC (rev 16286)
@@ -1,6 +1,6 @@
## translation metadata
-# Based-On-Revision: 15961
-# Last-Translator: mfr(ät]misericordia.be, fredzupy at gmail.com
+# Based-On-Revision: 16278
+# Last-Translator: mfr(ät] misericordia.be, fredzupy at gmail.com
#include "head.wmi" CHARSET="UTF-8" TITLE="Tor : Télécharger"
@@ -30,8 +30,7 @@
href="<package-win32-bundle-stable-sig>">sig</a>)
</td>
<td>
- <a href="<package-win32-bundle-alpha>"><version-win32-bundle-alpha></a> (<a href="<package-win32-bundle-alpha-sig>">sig</a> ) <br />
- <a href="<package-win32-bundle-021>"><version-win32-bundle-021></a> (<a href="<package-win32-bundle-021-sig>">sig</a>)
+ <a href="<package-win32-bundle-alpha>"><version-win32-bundle-alpha></a> (<a href="<package-win32-bundle-alpha-sig>">sig</a> )
</td>
<td>
<a href="<page docs/tor-doc-windows>">Installation & guide de configuration</a>
@@ -47,8 +46,7 @@
</td>
<td>
<a href="<package-osx-bundle-alpha>"><version-osx-bundle-alpha></a> (<a
-href="<package-osx-bundle-alpha-sig>">sig</a>)<br />
- <a href="<package-osx-bundle-021>"><version-osx-bundle-021></a> (<a href="<package-osx-bundle-021-sig>">sig</a>)
+href="<package-osx-bundle-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>
@@ -63,8 +61,7 @@
<a href="<package-oldosx-bundle-stable>"><version-oldosx-bundle-stable></a> (<a href="<package-oldosx-bundle-stable-sig>">sig</a>)
</td>
<td>
- <a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)<br />
- <a href="<package-oldosx-bundle-021>"><version-oldosx-bundle-021></a> (<a href="<package-oldosx-bundle-021-sig>">sig</a>)
+ <a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>
@@ -242,8 +239,7 @@
</td>
<td>
<a href="<package-win32-alpha>"><version-win32-alpha></a> (<a
-href="<package-win32-alpha-sig>">sig</a>) <br />
-<a href="<package-win32-021>"><version-win32-021></a> (<a href="<package-win32-021-sig>">sig</a>)
+href="<package-win32-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-windows>">Installation & guide de configuration</a>
@@ -261,8 +257,7 @@
</td>
<td>
<a href="<package-osx-alpha>"><version-osx-alpha></a> (<a
- href="<package-osx-alpha-sig>">sig</a>)<br />
- <a href="<package-osx-021>"><version-osx-021></a> (<a href="<package-osx-021-sig>">sig</a>)
+ href="<package-osx-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>
@@ -279,8 +274,7 @@
href="<package-oldosx-stable-sig>">sig</a>)
</td>
<td>
-<a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)<br />
- <a href="<package-oldosx-021>"><version-oldosx-021></a> (<a href="<package-oldosx-021-sig>">sig</a>)
+<a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)
</td>
<td>
<a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>
Modified: website/trunk/torbutton/fr/index.wml
===================================================================
--- website/trunk/torbutton/fr/index.wml 2008-07-31 06:45:46 UTC (rev 16285)
+++ website/trunk/torbutton/fr/index.wml 2008-07-31 07:09:46 UTC (rev 16286)
@@ -1,5 +1,5 @@
## translation metadata
-# Based-On-Revision: 16239
+# Based-On-Revision: 16271
# Last-Translator: mfr(ät]misericordia.be
#include "head.wmi" TITLE="Torbutton - Basculez rapidement sur le réseau Tor avec Firefox" CHARSET="UTF-8"
@@ -81,12 +81,11 @@
</script>
<h2>Torbutton</h2>
-<hr>
+<hr />
<strong>Version Actuelle:</strong><version-torbutton><br/>
<br/>
<strong>Auteurs:</strong> Scott Squires & Mike Perry<br/>
-<strong>Courriel:</strong> squires at freehaven dot net, mikeperry (o) fscked/org<br/>
<br/>
<strong>Installation:</strong>
<a href="http://www.torproject.org/torbutton/torbutton-current.xpi"
@@ -104,14 +103,12 @@
<a href="/jsreq.html" title="Ref: 14938 (googleCA)"
onClick="addOpenSearch('googleuk_web','png','General','14445','g');return false">Google UK</a>.
<br/>
-<!--
-<strong>Install:</strong> <a href="torbutton-1.0.4.xpi">torbutton-1.0.4.xpi</a><br/>
--->
<strong>Source:</strong> Vous pouvez <a href="https://svn.torproject.org/svn/torbutton/trunk/">parcourir le référenciel</a> ou simplement dezipper le xpi.
<br/>
<strong>Rapports de Bogues:</strong> <a href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">Torproject flyspray</a><br/>
-<strong>Documents:</strong> <b>[</b> <a href="#FAQ">FAQ</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CHANGELOG">changelog</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/LICENCE">licence</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CREDITS">crédits</a> <b>]</b><br/>
-<h2>Présentation</h2>
+<strong>Documents:</strong> <b>[</b> <a href="<page torbutton/faq>">FAQ</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CHANGELOG">changelog</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/LICENCE">licence</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CREDITS">crédits</a> <b>]</b><br/>
+
+<br/>
<p>
Torbutton est un moyen en 1-click pour les utilisateurs de Firefox d'activer
ou de désactiver l'utilisation de <a href="<page index>">Tor</a> dans le
@@ -122,419 +119,22 @@
compte dans la barre d'état.
</p>
<p>
-Certains utilisateurs peuvent préfèrer un bouton dans la barre d'outils au
+Afin de préserver votre sécurité, Torbutton désactive différents types de contenu dynamique. Vous
+pouvez en apprendre plus dans la <a href="<page torbutton/faq>">FAQ Torbutton</a>,
+ou consultez la liste détaillée des <a href="<page torbutton/options>">options Torbutton
+</a>.
+</p>
+<p>
+Certains utilisateurs préfèrent avoir un bouton dans la barre d'outils au
lieu d'un panneau d'état. Ce bouton est inclus, et l'on ajoute à la barre
- d'outils en cliquant avec le bouton droit sur la barre d'outils souhaitée,
- en sélectionnant "Personnaliser ...", puis en faisant glisser l'icône
- Torbutton sur la barre d'outils. Il y a une option dans les préférences
- pour cacher le panneau d'état (Outils-> Modules complémentaires,
- sélectionnez Torbutton, et cliquez sur Préférences).
+d'outils en cliquant avec le bouton droit sur la barre d'outils souhaitée,
+en sélectionnant "Personnaliser ...", puis en faisant glisser l'icône
+Torbutton sur la barre d'outils. Il y a une option dans les préférences
+pour cacher le panneau d'état (Outils-> Modules complémentaires,
+sélectionnez Torbutton, et cliquez sur Préférences).
</p>
-<p>
-Les nouveaux Firefoxs ont la capacité d'envoyer les requêtes DNS à travers le proxy SOCKS, et Torbutton fera usage de cette fonctionnalité si elle est disponible dans votre version de Firefox.
-</p>
-<a id="FAQ"></a><h2>FAQ</h2>
-<strong>I can't click on links or hit reload after I toggle Tor! Why?</strong>
-
-<p>
-Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox
-Bug 409737</a>, pages can still open popups and perform Javascript redirects
-and history access after Tor has been toggled. These popups and redirects can
-be blocked, but unfortunately they are indistinguishable from normal user
-interactions with the page (such as clicking on links, opening them in new
-tabs/windows, or using the history buttons), and so those are blocked as a
-side effect. Once that Firefox bug is fixed, this degree of isolation will
-become optional (for people who do not want to accidentally click on links and
-give away information via referrers). A workaround is to right click on the
-link, and open it in a new tab or window. The tab or window won't load
-automatically, but you can hit enter in the URL bar, and it will begin
-loading. Hitting enter in the URL bar will also reload the page without
-clicking the reload button.
-</p>
-
-<strong>My browser is in some weird state where nothing works right!</strong>
-
-<p>
-Try to disable Tor by clicking on the button, and then open a new window. If
-that doesn't fix the issue, go to the preferences page and hit 'Restore
-Defaults'. This should reset the extension and Firefox to a known good
-configuration. If you can manage to reproduce whatever issue gets your
-Firefox wedged, please file details at <a
-href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">the
-bug tracker</a>.
-</p>
-
-<strong>When I toggle Tor, my sites that use javascript stop working. Why?</strong>
-
-<p>
-Javascript can do things like wait until you have disabled Tor before trying
-to contact its source site, thus revealing your IP address. As such, Torbutton
-must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor
-state changes from the state that was used to load a given page. These features
-are re-enabled when Torbutton goes back into the state that was used to load
-the page, but in some cases (particularly with Javascript and CSS) it is
-sometimes not possible to fully recover from the resulting errors, and the
-page is broken. Unfortunately, the only thing you can do (and still remain
-safe from having your IP address leak) is to reload the page when you toggle
-Tor, or just ensure you do all your work in a page before switching tor state.
-</p>
-
-
-<strong>When I use Tor, Firefox is no longer filling in logins/search boxes
-for me. Why?</strong>
-
-<p>
-Currently, this is tied to the "<b>Block history writes during Tor</b>"
-setting. If you have enabled that setting, all formfill functionality (both
-saving and reading) is disabled. If this bothers you, you can uncheck that
-option, but both history and forms will be saved. To prevent history
-disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor
-history reads if you allow history writing during Tor.
-</p>
-
-
-<strong>Which Firefox extensions should I avoid using?</strong>
-
-<p>
-This is a tough one. There are thousands of Firefox extensions: making a
-complete list of ones that are bad for anonymity is near impossible. However,
-here are a few examples that should get you started as to what sorts of
-behavior are dangerous.
-</p>
-
-<ol>
- <li>StumbleUpon, et al</li>
- These extensions will send all sorts of information about the websites you
- visit to the stumbleupon servers, and correlate this information with a
- unique identifier. This is obviously terrible for your anonymity.
- More generally, any sort of extension that requires registration, or even
- extensions that provide information about websites you visit should be
- suspect.
-
- <li>FoxyProxy</li>
-
-While FoxyProxy is a nice idea in theory, in practice it is impossible to
-configure securely for Tor usage without Torbutton. Like all vanilla third
-party proxy plugins, the main risks are <a
-href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>
-and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history
-disclosure</a>, followed closely by cookie theft by exit nodes and tracking by
-adservers (see the <a href="design/index.html#adversary">Torbutton Adversary
-Model</a> for more information). However, even with Torbutton installed in
-tandem and always enabled, it is still very difficult (though not impossible)
-to configure FoxyProxy securely. Since FoxyProxy's 'Patterns' mode only
-applies to specific urls, and not to an entire tab, setting FoxyProxy to only
-send specific sites through Tor will still allow adservers to still learn your
-real IP. Worse, if those sites use offsite logging services such as Google
-Analytics, you may still end up in their logs with your real IP. Malicious
-exit nodes can also cooperate with sites to inject images into pages that
-bypass your filters. Setting FoxyProxy to only send certain URLs via Non-Tor
-is much more viable, but be very careful with the filters you allow. For
-example, something as simple as allowing *google* to go via Non-Tor will still
-cause you to end up in all the logs of all websites that use Google Analytics!
-See <a href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this
-question</a> on the FoxyProxy FAQ for more information.
-
- <li>NoScript</li>
- Torbutton currently mitigates all known anonymity issues with Javascript.
- While it may be tempting to get better security by disabling Javascript for
- certain sites, you are far better off with an all-or-nothing approach.
- NoScript is exceedingly complicated, and has many subtleties that can surprise
- even advanced users. For example, addons.mozilla.org verifies extension
- integrity via Javascript over https, but downloads them in the clear. Not
- adding it to your whitelist effectively
- means you are pulling down unverified extensions. Worse still, using NoScript
- can actually disable protections that Torbutton itself provides via
- Javascript, yet still allow malicious exit nodes to compromise your
- anonymity via the default whitelist (which they can spoof to inject any script they want).
-</ol>
-
-
-<strong>Which Firefox extensions do you recommend?</strong>
-<p>
-<ol>
- <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a></li>
- Mentioned above, this extension allows more fine-grained referrer spoofing
-than Torbutton currently provides. It should break less sites than Torbutton's
-referrer spoofing option.
- <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a></li>
- If you use Tor excessively, and rarely disable it, you probably want to
-install this extension to minimize the ability of sites to store long term
-identifiers in your cache. This extension applies same origin policy to the
-cache, so that elements are retrieved from the cache only if they are fetched
-from a document in the same origin domain as the cached element.
-</ol>
-</p>
-
-<strong>Are there any other issues I should be concerned about?</strong>
-<p>
-There is currently one known unfixed security issue with Torbutton: it is
-possible to unmask the javascript hooks that wrap the Date object to conceal
-your timezone in Firefox 2, and the timezone masking code does not work at all
-on Firefox 3. We are working with the Firefox team to fix one of <a
-href="https://bugzilla.mozilla.org/show_bug.cgi?id=392274">Bug 399274</a> or
-<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=419598">Bug 419598</a>
-to address this. In the meantime, it is possible to set the <b>TZ</b>
-environment variable to <b>UTC</b> to cause the browser to use UTC as your
-timezone. Under Linux, you can add an <b>export TZ=UTC</b> to the
-/usr/bin/firefox script, or edit your system bashrc to do the same. Under
-Windows, you can set either a <a
-href="http://support.microsoft.com/kb/310519">User or System Environment
-Variable</a> for TZ via My Computer's properties. In MacOS, the situation is
-<a
-href="http://developer.apple.com/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/EnvironmentVars.html#//apple_ref/doc/uid/20002093-BCIJIJBH">a
-lot more complicated</a>, unfortunately.
-</p>
-
-<p>
-In addition, RSS readers such as Firefox Livemarks can perform
-periodic fetches. Due to <a
-href="https://bugzilla.mozilla.org/show_bug.cgi?id=436250">Firefox Bug
-436250</a>, there is no way to disable Livemark fetches during Tor. This can
-be a problem if you have a lot of custom Livemark urls that can give away
-information about your identity.
-</p>
-
-<h2>Description des Options</h2>
-
-<p>The development branch of Torbutton adds several new security features to
-protect your anonymity from all the major threats the author is aware of. The
-defaults should be fine for most people, but in case you are the tweaker type,
-or if you prefer to try to outsource some options to more flexible extensions,
-here is the complete list. (In an ideal world, these descriptions should all be
-tooltips in the extension itself, but Firefox bugs <a
-href="https://bugzilla.mozilla.org/show_bug.cgi?id=45375">45375</a> and <a
-href="https://bugzilla.mozilla.org/show_bug.cgi?id=218223">218223</a> currently
-prevent this).</p>
-
-<ul>
- <li>Disable plugins on Tor Usage (crucial)</li>
-
- This option is key to Tor security. Plugins perform their own networking
-independent of the browser, and many plugins only partially obey even their own
-proxy settings.
-
- <li>Isolate Dynamic Content to Tor State (crucial)</li>
-
- Another crucial option, this setting causes the plugin to disable Javascript
- on tabs that are loaded during a Tor state different than the current one,
- to prevent delayed fetches of injected URLs that contain unique identifiers,
- and to prevent meta-refresh tags from revealing your IP when you turn off
- Tor. It also prevents all fetches from tabs loaded with an opposite Tor
- state. This serves to block non-Javascript dynamic content such as CSS
- popups from revealing your IP address if you disable Tor.
-
- <li>Hook Dangerous Javascript (crucial)</li>
-
-This setting enables the Javascript hooking code. Javascript is injected into
-pages to hook the Date object to mask your timezone, and to hook the navigator
-object to mask OS and user agent properties not handled by the standard
-Firefox user agent override settings.
-
- <li>Resize window dimensions to multiples of 50px on toggle (recommended)</li>
-
-To cut down on the amount of state available to fingerprint users uniquely,
-this pref causes windows to be resized to a multiple of 50 pixels on each
-side when Tor is enabled and pages are loaded.
-
- <li>Disable Updates During Tor (recommended)</li>
-
-Under Firefox 2, many extension authors did not update their extensions from
-SSL-enabled websites. It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to
-existing extensions. Since Firefox 3 now enforces encrypted and/or
-authenticated updates, this setting is no longer as important as it once
-was (though updates do leak information about which extensions you have, it is
-fairly infrequent).
-
- <li>Disable Search Suggestions during Tor (optional)</li>
-
-This optional setting governs if you get Google search suggestions during Tor
-usage. Since no cookie is transmitted during search suggestions, this is a
-relatively benign behavior.
-
- <li>Block Tor/Non-Tor access to network from file:// urls (recommended)</li>
-
-These settings prevent local html documents from transmitting local files to
-arbitrary websites <a href="http://www.gnucitizen.org/blog/content-disposition-hacking/">under Firefox 2</a>. Since exit nodes can insert headers that
-force the browser to save arbitrary pages locally (and also inject script into
-arbitrary html files you save to disk via Tor), it is probably a good idea to
-leave this setting on.
-
- <li>Close all Non-Tor/Tor windows and tabs on toggle (optional)</li>
-
-These two settings allow you to obtain a greater degree of assurance that
-after you toggle out of Tor, the pages are really gone and can't perform any
-extra network activity. Currently, there is no known way that pages can still
-perform activity after toggle, but these options exist as a backup measure
-just in case a flaw is discovered. They can also serve as a handy 'Boss
-Button' feature for clearing all Tor browsing off your screen in a hurry.
-
- <li>Isolate access to history navigation to Tor state (crucial)</li>
-
-This setting prevents both Javascript and accidental user clicks from causing
-the session history to load pages that were fetched in a different Tor state
-than the current one. Since this can be used to correlate Tor and Non-Tor
-activity and thus determine your IP address, it is marked as a crucial
-setting.
-
- <li>Block History Reads during Tor (crucial)</li>
-
- Based on code contributed by <a href="http://www.collinjackson.com/">Collin
- Jackson</a>, when enabled and Tor is enabled, this setting prevents the
-rendering engine from knowing if certain links were visited. This mechanism
-defeats all document-based history disclosure attacks, including CSS-only
-attacks.
-
- <li>Block History Reads during Non-Tor (recommended)</li>
-
- This setting accomplishes the same but for your Non-Tor activity.
-
- <li>Block History Writes during Tor (recommended)</li>
-
- This setting prevents the rendering engine from recording visited URLs, and
-also disables download manager history. Note that if you allow writing of Tor history,
-it is recommended that you disable non-Tor history reads, since malicious
-websites you visit without Tor can query your history for .onion sites and
-other history recorded during Tor usage (such as Google queries).
-
- <li>Block History Writes during Non-Tor (optional)</li>
-
-This setting also disables recording any history information during Non-Tor
-usage.
-
-<li>Clear History During Tor Toggle (optional)</li>
-
- This is an alternate setting to use instead of (or in addition to) blocking
-history reads or writes.
-
- <li>Block Password+Form saving during Tor/Non-Tor</li>
-
- These options govern if the browser writes your passwords and search
- submissions to disk for the given state.
-
- <li>Block Tor disk cache and clear all cache on Tor Toggle</li>
-
- Since the browser cache can be leveraged to store unique identifiers, cache
-must not persist across Tor sessions. This option keeps the memory cache active
-during Tor usage for performance, but blocks disk access for caching.
-
- <li>Block disk and memory cache during Tor</li>
-
- This setting entirely blocks the cache during Tor, but preserves it for
-Non-Tor usage.
-
- <li>Clear Cookies on Tor Toggle</li>
-
- Fully clears all cookies on Tor toggle.
-
- <li>Store Non-Tor cookies in a protected jar</li>
-
- This option stores your persistent Non-Tor cookies in a special cookie jar
- file, in case you wish to preserve some cookies. Based on code contributed
- by <a href="http://www.collinjackson.com/">Collin Jackson</a>. It is
- compatible with third party extensions that you use to manage your Non-Tor
- cookies. Your Tor cookies will be cleared on toggle, of course.
-
- <li>Store both Non-Tor and Tor cookies in a protected jar (dangerous)</li>
-
- This option stores your persistent Tor and Non-Tor cookies
- separate cookie jar files. Note that it is a bad idea to keep Tor
- cookies around for any length of time, as they can be retrieved by exit
- nodes that inject spoofed forms into plaintext pages you fetch.
-
- <li>Manage My Own Cookies (dangerous)</li>
-
- This setting allows you to manage your own cookies with an alternate
-extension, such as <a href="https://addons.mozilla.org/firefox/addon/82">CookieCuller</a>. Note that this is particularly dangerous,
-since malicious exit nodes can spoof document elements that appear to be from
-sites you have preserved cookies for (and can then do things like fetch your
-entire gmail inbox, even if you were not using gmail or visiting any google
-pages at the time!).
-
- <li>Do not write Tor/Non-Tor cookies to disk</li>
-
- These settings prevent Firefox from writing any cookies to disk during the
- corresponding Tor state. If cookie jars are enabled, those jars will
- exist in memory only, and will be cleared when Firefox exits.
-
- <li>Disable DOM Storage during Tor usage (crucial)</li>
-
- Firefox has recently added the ability to store additional state and
- identifiers in persistent tables, called <a
- href="http://developer.mozilla.org/docs/DOM:Storage">DOM Storage</a>.
- Obviously this can compromise your anonymity if stored content can be
- fetched across Tor-state.
-
- <li>Clear HTTP auth sessions (recommended)</li>
-
- HTTP authentication credentials can be probed by exit nodes and used to both confirm that you visit a certain site that uses HTTP auth, and also impersonate you on this site.
-
- <li>Clear cookies on Tor/Non-Tor shutdown</li>
-
- These settings install a shutdown handler to clear cookies on Tor
-and/or Non-Tor browser shutdown. It is independent of your Clear Private Data
-settings, and does in fact clear the corresponding cookie jars.
-
- <li>Prevent session store from saving Tor-loaded tabs (recommended)</li>
-
- This option augments the session store to prevent it from writing out
- Tor-loaded tabs to disk. Unfortunately, this also disables your ability to
- undo closed tabs. The reason why this setting is recommended is because
- after a session crash, your browser will be in an undefined Tor state, and
- can potentially load a bunch of Tor tabs without Tor. The following option
- is another alternative to protect against this.
-
- <li>On normal startup, set state to: Tor, Non-Tor, Shutdown State</li>
-
- This setting allows you to choose which Tor state you want the browser to
- start in normally: Tor, Non-Tor, or whatever state the browser shut down in.
-
- <li>On crash recovery or session restored startup, restore via: Tor, Non-Tor</li>
-
- When Firefox crashes, the Tor state upon restart usually is completely
- random, and depending on your choice for the above option, may load
- a bunch of tabs in the wrong state. This setting allows you to choose
- which state the crashed session should always be restored in to.
-
- <li>Prevent session store from saving Non-Tor/Tor-loaded tabs</li>
-
- These two settings allow you to control what the Firefox Session Store
- writes to disk. Since the session store state is used to automatically
- load websites after a crash or upgrade, it is advisable not to allow
- Tor tabs to be written to disk, or they may get loaded in Non-Tor
- after a crash (or the reverse, depending upon the crash recovery setting,
- of course).
-
- <li>Set user agent during Tor usage (crucial)</li>
-
- User agent masking is done with the idea of making all Tor users appear
-uniform. A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this
-string and supporting navigator.* properties, and this version will remain the
-same for all TorButton versions until such time as specific incompatibility
-issues are demonstrated. Uniformity of this value is obviously very important
-to anonymity. Note that for this option to have full effectiveness, the user
-must also allow Hook Dangerous Javascript ensure that the navigator.*
-properties are reset correctly. The browser does not set some of them via the
-exposed user agent override preferences.
-
- <li>Spoof US English Browser</li>
-
-This option causes Firefox to send http headers as if it were an English
-browser. Useful for internationalized users.
-
- <li>Don't send referrer during Tor Usage</li>
-
-This option disables the referrer header, preventing sites from determining
-where you came from to visit them. This can break some sites, however. <a
-href="http://www.digg.com">Digg</a> in particular seemed to be broken by this.
-A more streamlined, less intrusive version of this option should be available
-eventually. In the meantime, <a
-href="https://addons.mozilla.org/firefox/addon/953">RefControl</a> can
-provide this functionality via a default option of <b>Forge</b>.
-</ul>
-
</div><!-- #main -->
#include <foot.wmi>
More information about the tor-commits
mailing list