[or-cvs] r22944: {website} move torbutton back to a main path rather than buried in pro (in website/branches/web20: . en include projects/en torbutton torbutton/en)
Andrew Lewman
andrew at torproject.org
Wed Aug 18 12:06:31 UTC 2010
Author: phobos
Date: 2010-08-18 12:06:31 +0000 (Wed, 18 Aug 2010)
New Revision: 22944
Added:
website/branches/web20/torbutton/
website/branches/web20/torbutton/Makefile
website/branches/web20/torbutton/en/
website/branches/web20/torbutton/en/index.wml
website/branches/web20/torbutton/en/torbutton-faq.wml
website/branches/web20/torbutton/en/torbutton-options.wml
Removed:
website/branches/web20/projects/en/torbutton-faq.wml
website/branches/web20/projects/en/torbutton-options.wml
website/branches/web20/projects/en/torbutton.wml
Modified:
website/branches/web20/en/index.wml
website/branches/web20/include/info.wmi
website/branches/web20/include/mirrors-table.wmi
website/branches/web20/include/versions.wmi
Log:
move torbutton back to a main path rather than buried in projects,
update versions.wmi to be current, update the mirrors table, need a
better blurb in info.wmi.
Modified: website/branches/web20/en/index.wml
===================================================================
--- website/branches/web20/en/index.wml 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/en/index.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -47,7 +47,7 @@
<tr>
<td>
<img src="images/icon-default.jpg" alt="Default Icon" />
- <h3><a href="<page projects/torbutton>">TorButton</a></h3>
+ <h3><a href="<page torbutton/>">TorButton</a></h3>
<p>Torbutton is a 1-click way for Firefox users to enable or disable the browser's use of Tor. </p>
</td>
<td>
Modified: website/branches/web20/include/info.wmi
===================================================================
--- website/branches/web20/include/info.wmi 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/include/info.wmi 2010-08-18 12:06:31 UTC (rev 22944)
@@ -2,7 +2,7 @@
<div class="img-shadow">
<div class="infoblock">
<h2 class="bulb">Tor Tip</h2>
- <p>If you take a step towards online privacy by downloading Tor, that’s great, but remember that Tor can only be effective if you use the programs it’s developed for!</p>
+ <p>Use Tor correctly or go away. NEED BETTER BLURB.</p>
</div>
<!-- END INFOBLOCK -->
</div>
Modified: website/branches/web20/include/mirrors-table.wmi
===================================================================
--- website/branches/web20/include/mirrors-table.wmi 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/include/mirrors-table.wmi 2010-08-18 12:06:31 UTC (rev 22944)
@@ -1,23 +1,6 @@
<tr>
- <td>UK</td>
-
- <td>tomyn</td>
-
- <td>Up to date</td>
-
- <td><a href="ftp://tor.tomyn.com">ftp</a></td>
- <td><a href="http://tor.tomyn.com/dist">http</a></td>
- <td><a href="http://tor.tomyn.com">http</a></td>
- <td><a href="https://tor.tomyn.com/dist">https</a></td>
- <td><a href="https://tor.tomyn.com">https</a></td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>EE</td>
<td>CyberSIDE</td>
@@ -35,57 +18,23 @@
<tr>
- <td> </td>
+ <td>IR</td>
- <td> spacecowboy </td>
+ <td>Access</td>
<td>Up to date</td>
<td> - </td>
- <td><a href="http://tor-proxy.de/tor-mirror/dist/">http</a></td>
- <td><a href="http://tor-proxy.de/tor-mirror/">http</a></td>
- <td><a href="https://tor-proxy.de/tor-mirror/dist/">https</a></td>
- <td><a href="https://tor-proxy.de/tor-mirror/">https</a></td>
+ <td><a href="http://irani-tor.ath.cx/dist/">http</a></td>
+ <td><a href="http://irani-tor.ath.cx/">http</a></td>
<td> - </td>
<td> - </td>
-</tr>
-
-<tr>
-
- <td>US</td>
-
- <td>BarkerJr</td>
-
- <td>Up to date</td>
-
<td> - </td>
- <td><a href="http://www.torproject.us/dist/">http</a></td>
- <td><a href="http://www.torproject.us/">http</a></td>
- <td><a href="https://www.torproject.us/dist/">https</a></td>
- <td><a href="https://www.torproject.us/">https</a></td>
<td> - </td>
- <td><a href="rsync://rsync.torproject.us/tor">rsync</a></td>
</tr>
<tr>
- <td>US</td>
-
- <td>TheOnionRouter</td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://www.theonionrouter.com/dist/">http</a></td>
- <td><a href="http://www.theonionrouter.com/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>DE</td>
<td>beme it</td>
@@ -95,23 +44,23 @@
<td> - </td>
<td><a href="http://tor.beme-it.de/dist/">http</a></td>
<td><a href="http://tor.beme-it.de/">http</a></td>
+ <td><a href="https://tor.beme-it.de/dist/">https</a></td>
+ <td><a href="https://tor.beme-it.de/">https</a></td>
<td> - </td>
- <td> - </td>
- <td> - </td>
<td><a href="rsync://tor.beme-it.de/tor">rsync</a></td>
</tr>
<tr>
- <td>AT</td>
+ <td>INT</td>
- <td></td>
+ <td>CoralCDN</td>
<td>Up to date</td>
<td> - </td>
- <td><a href="http://tor.idnr.at/dist/">http</a></td>
- <td><a href="http://tor.idnr.at/">http</a></td>
+ <td><a href="http://www.torproject.org.nyud.net/dist/">http</a></td>
+ <td><a href="http://www.torproject.org.nyud.net/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -120,40 +69,6 @@
<tr>
- <td>NL</td>
-
- <td>CCC</td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://tor.ccc.de/dist/">http</a></td>
- <td><a href="http://tor.ccc.de/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
- <td>RU</td>
-
- <td></td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://www.tor.myeveryday.ru/dist/">http</a></td>
- <td><a href="http://www.tor.myeveryday.ru/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>FR</td>
<td>BarkerJr</td>
@@ -163,142 +78,57 @@
<td> - </td>
<td><a href="http://www.oignon.net/dist/">http</a></td>
<td><a href="http://www.oignon.net/">http</a></td>
- <td><a href="https://oignon.net/dist/">https</a></td>
- <td><a href="https://oignon.net/">https</a></td>
+ <td><a href="https://www.oignon.net/dist/">https</a></td>
+ <td><a href="https://www.oignon.net/">https</a></td>
<td> - </td>
<td> - </td>
</tr>
<tr>
- <td>DK</td>
-
- <td>Zentrum der Gesundheit</td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://tor.idnr.ws/dist/">http</a></td>
- <td><a href="http://tor.idnr.ws/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>US</td>
- <td>AskApache</td>
+ <td>BarkerJr</td>
<td>Up to date</td>
<td> - </td>
- <td><a href="http://tor.askapache.com/dist/">http</a></td>
- <td><a href="http://tor.askapache.com/">http</a></td>
+ <td><a href="http://www.torproject.us/dist/">http</a></td>
+ <td><a href="http://www.torproject.us/">http</a></td>
+ <td><a href="https://www.torproject.us/dist/">https</a></td>
+ <td><a href="https://www.torproject.us/">https</a></td>
<td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
+ <td><a href="rsync://rsync.torproject.us/tor">rsync</a></td>
</tr>
<tr>
- <td>DE</td>
+ <td> </td>
- <td>chaos darmstadt</td>
+ <td> spacecowboy </td>
<td>Up to date</td>
<td> - </td>
- <td><a href="http://mirrors.chaos-darmstadt.de/tor-mirror/dist/">http</a></td>
- <td><a href="http://mirrors.chaos-darmstadt.de/tor-mirror/">http</a></td>
+ <td><a href="http://tor-proxy.de/tor-mirror/dist/">http</a></td>
+ <td><a href="http://tor-proxy.de/tor-mirror/">http</a></td>
+ <td><a href="https://tor-proxy.de/tor-mirror/dist/">https</a></td>
+ <td><a href="https://tor-proxy.de/tor-mirror/">https</a></td>
<td> - </td>
<td> - </td>
- <td> - </td>
- <td> - </td>
</tr>
<tr>
- <td>SE</td>
+ <td>NL</td>
- <td></td>
+ <td>Amorphis</td>
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://tor.homosu.net/dist">http</a></td>
- <td><a href="http://tor.homosu.net/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
- <td>HU</td>
-
- <td>NIIF Institute</td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://trak.tor.hu/dist/">http</a></td>
- <td><a href="http://trak.tor.hu/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
- <td>HU</td>
-
- <td>Unknown</td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td> - </td>
- <td><a href="http://tor.hu/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
- <td>IR</td>
-
- <td>Access</td>
-
- <td>Up to date</td>
-
- <td> - </td>
- <td><a href="http://irani-tor.ath.cx/dist/">http</a></td>
- <td><a href="http://irani-tor.ath.cx/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
- <td>CN</td>
-
- <td>zuola</td>
-
<td>Out of date</td>
<td> - </td>
- <td><a href="http://tor.zuo.la/dist/">http</a></td>
- <td><a href="http://tor.zuo.la/">http</a></td>
+ <td><a href="http://tor.amorphis.eu/dist/">http</a></td>
+ <td><a href="http://tor.amorphis.eu/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -307,66 +137,32 @@
<tr>
- <td>CN</td>
+ <td>UK</td>
- <td>shizhao</td>
+ <td>tomyn</td>
<td>Out of date</td>
+ <td><a href="ftp://tor.tomyn.com">ftp</a></td>
+ <td><a href="http://tor.tomyn.com/dist">http</a></td>
+ <td><a href="http://tor.tomyn.com">http</a></td>
+ <td><a href="https://tor.tomyn.com/dist">https</a></td>
+ <td><a href="https://tor.tomyn.com">https</a></td>
<td> - </td>
- <td><a href="http://tor.shizhao.org/dist/">http</a></td>
- <td><a href="http://tor.shizhao.org/">http</a></td>
<td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
</tr>
<tr>
- <td>CN</td>
-
- <td>bullog</td>
-
- <td>Out of date</td>
-
- <td> - </td>
- <td><a href="http://tor.bullog.org/dist/">http</a></td>
- <td><a href="http://tor.bullog.org/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
- <td>CN</td>
-
- <td>ranyunfei</td>
-
- <td>Out of date</td>
-
- <td> - </td>
- <td><a href="http://tor.ranyunfei.com/dist/">http</a></td>
- <td><a href="http://tor.ranyunfei.com/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>NL</td>
- <td>Amorphis</td>
+ <td>CCC</td>
<td>Out of date</td>
<td> - </td>
- <td><a href="http://tor.amorphis.eu/dist/">http</a></td>
- <td><a href="http://tor.amorphis.eu/">http</a></td>
+ <td><a href="http://tor.ccc.de/dist/">http</a></td>
+ <td><a href="http://tor.ccc.de/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -375,15 +171,15 @@
<tr>
- <td>CN</td>
+ <td>DK</td>
- <td>wuerkaixi</td>
+ <td>Zentrum der Gesundheit</td>
<td>Out of date</td>
<td> - </td>
- <td><a href="http://tor.wuerkaixi.com/dist/">http</a></td>
- <td><a href="http://tor.wuerkaixi.com/">http</a></td>
+ <td><a href="http://tor.idnr.ws/dist/">http</a></td>
+ <td><a href="http://tor.idnr.ws/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -392,49 +188,49 @@
<tr>
- <td> </td>
+ <td>CH</td>
- <td> cybervalley </td>
+ <td>Boinc</td>
<td>Out of date</td>
<td> - </td>
+ <td><a href="http://tor.boinc.ch/dist/">http</a></td>
+ <td><a href="http://tor.boinc.ch/">http</a></td>
<td> - </td>
- <td><a href="http://torproject.cybervalley.org/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
- <td> - </td>
</tr>
<tr>
- <td>CA</td>
+ <td>DE</td>
- <td>Hermetix</td>
+ <td>chaos darmstadt</td>
<td>Out of date</td>
<td> - </td>
+ <td><a href="http://mirrors.chaos-darmstadt.de/tor-mirror/dist/">http</a></td>
+ <td><a href="http://mirrors.chaos-darmstadt.de/tor-mirror/">http</a></td>
<td> - </td>
- <td><a href="http://tor.hermetix.org/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
- <td> - </td>
</tr>
<tr>
- <td>DE</td>
+ <td>HU</td>
- <td>Bbs</td>
+ <td>Unknown</td>
<td>Out of date</td>
<td> - </td>
<td> - </td>
- <td><a href="http://tor.blingblingsquad.net/">http</a></td>
+ <td><a href="http://tor.hu/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -443,28 +239,11 @@
<tr>
- <td>DE</td>
-
- <td>Spline</td>
-
- <td>Unknown</td>
-
- <td> - </td>
- <td><a href="http://rem.spline.de/tor/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>US</td>
<td>Xpdm</td>
- <td>Unknown</td>
+ <td>Out of date</td>
<td> - </td>
<td><a href="http://torproj.xpdm.us/dist/">http</a></td>
@@ -477,15 +256,15 @@
<tr>
- <td>DE</td>
+ <td>US</td>
- <td>Cybermirror</td>
+ <td>AskApache</td>
- <td>Unknown</td>
+ <td>Out of date</td>
<td> - </td>
- <td><a href="http://tor.cybermirror.org/dist/">http</a></td>
- <td><a href="http://tor.cybermirror.org/">http</a></td>
+ <td><a href="http://tor.askapache.com/dist/">http</a></td>
+ <td><a href="http://tor.askapache.com/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -494,15 +273,15 @@
<tr>
- <td>AU</td>
+ <td>HU</td>
- <td>Wiretapped</td>
+ <td>NIIF Institute</td>
- <td>Unknown</td>
+ <td>Out of date</td>
- <td><a href="ftp://ftp.mirrors.wiretapped.net/pub/security/cryptography/network/tor/">ftp</a></td>
- <td><a href="http://www.mirrors.wiretapped.net/security/cryptography/network/tor/">http</a></td>
<td> - </td>
+ <td><a href="http://trak.tor.hu/dist/">http</a></td>
+ <td><a href="http://trak.tor.hu/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -513,13 +292,13 @@
<td>US</td>
- <td>I'm on the roof</td>
+ <td>TheOnionRouter</td>
- <td>Unknown</td>
+ <td>Out of date</td>
<td> - </td>
- <td><a href="http://mirror.imontheroof.com/tor-mirror/dist/">http</a></td>
- <td><a href="http://mirror.imontheroof.com/tor-mirror/">http</a></td>
+ <td><a href="http://www.theonionrouter.com/dist/">http</a></td>
+ <td><a href="http://www.theonionrouter.com/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -528,49 +307,32 @@
<tr>
- <td>CH</td>
+ <td>IT</td>
- <td>Sixx</td>
+ <td>cybervalley</td>
- <td>Unknown</td>
+ <td>Out of date</td>
<td> - </td>
- <td><a href="http://tor.sixxs.net/dist/">http</a></td>
- <td><a href="http://tor.sixxs.net/">http</a></td>
<td> - </td>
+ <td><a href="http://torproject.cybervalley.org/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
-</tr>
-
-<tr>
-
- <td>CH</td>
-
- <td>Unfix</td>
-
- <td>Unknown</td>
-
<td> - </td>
- <td><a href="http://tor.unfix.org/dist/">http</a></td>
- <td><a href="http://tor.unfix.org/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
</tr>
<tr>
- <td>IN</td>
+ <td>SE</td>
- <td></td>
+ <td>homosu</td>
- <td>Unknown</td>
+ <td>Out of date</td>
<td> - </td>
- <td><a href="http://www.torproject.org.in/dist/">http</a></td>
- <td><a href="http://www.torproject.org.in/">http</a></td>
+ <td><a href="http://tor.homosu.net/dist">http</a></td>
+ <td><a href="http://tor.homosu.net/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -579,36 +341,36 @@
<tr>
- <td>FR</td>
+ <td>DE</td>
- <td>CRAN</td>
+ <td>[[:bbs:]]</td>
- <td>Unknown</td>
+ <td>Out of date</td>
- <td><a href="ftp://miroir-francais.fr/pub/tor/">ftp</a></td>
- <td><a href="http://tor.miroir-francais.fr/">http</a></td>
<td> - </td>
+ <td><a href="http://tor.blingblingsquad.net/dist">http</a></td>
+ <td><a href="http://tor.blingblingsquad.net/">http</a></td>
+ <td><a href="https://tor.blingblingsquad.net/dist">https</a></td>
+ <td><a href="https://tor.blingblingsquad.net/">https</a></td>
<td> - </td>
<td> - </td>
- <td> - </td>
- <td><a href="rsync://miroir-francais.fr::tor">rsync</a></td>
</tr>
<tr>
- <td>NO</td>
+ <td>UA</td>
- <td>Meulie</td>
+ <td>Technica-03</td>
<td>Unknown</td>
<td> - </td>
- <td><a href="http://tor.meulie.net/">http</a></td>
+ <td><a href="http://tordistua.reactor-xg.kiev.ua/">http</a></td>
+ <td><a href="http://torua.reactor-xg.kiev.ua/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
<td> - </td>
- <td> - </td>
</tr>
<tr>
@@ -630,23 +392,6 @@
<tr>
- <td>HU</td>
-
- <td>ax</td>
-
- <td>Unknown</td>
-
- <td> - </td>
- <td><a href="http://tor.initrd.net/dist/">http</a></td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
- <td> - </td>
-</tr>
-
-<tr>
-
<td>NL</td>
<td>BIT BV</td>
@@ -664,32 +409,32 @@
<tr>
- <td>UK</td>
+ <td>RO</td>
- <td>Ghirai</td>
+ <td>mirrors.sykotik.org</td>
<td>Unknown</td>
+ <td><a href="ftp://mirrors.sykotik.org/pub/tor/">ftp</a></td>
+ <td><a href="http://mirrors.sykotik.org/pub/tor/">http</a></td>
<td> - </td>
- <td><a href="http://www.ghirai.com/tor/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
<td> - </td>
- <td> - </td>
</tr>
<tr>
- <td>UA</td>
+ <td>IN</td>
- <td>Technica-03</td>
+ <td>India Tor Fans</td>
<td>Unknown</td>
<td> - </td>
- <td><a href="http://tordistua.reactor-xg.kiev.ua/">http</a></td>
- <td><a href="http://torua.reactor-xg.kiev.ua/">http</a></td>
+ <td><a href="http://www.torproject.org.in/dist/">http</a></td>
+ <td><a href="http://www.torproject.org.in/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
@@ -698,34 +443,34 @@
<tr>
- <td></td>
+ <td>NO</td>
- <td>StrangeCharm</td>
+ <td>Meulie</td>
<td>Unknown</td>
<td> - </td>
- <td><a href="http://torproject.the-onion-router.net/dist/">http</a></td>
- <td><a href="http://torproject.the-onion-router.net/">http</a></td>
+ <td><a href="http://tor.meulie.net/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
<td> - </td>
+ <td> - </td>
</tr>
<tr>
- <td>CH</td>
+ <td>DE</td>
- <td>Boinc</td>
+ <td>Spline</td>
<td>Unknown</td>
<td> - </td>
- <td><a href="http://tor.boinc.ch/dist/">http</a></td>
- <td><a href="http://tor.boinc.ch/">http</a></td>
+ <td><a href="http://rem.spline.de/tor/">http</a></td>
<td> - </td>
<td> - </td>
<td> - </td>
<td> - </td>
+ <td> - </td>
</tr>
Modified: website/branches/web20/include/versions.wmi
===================================================================
--- website/branches/web20/include/versions.wmi 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/include/versions.wmi 2010-08-18 12:06:31 UTC (rev 22944)
@@ -1,45 +1,47 @@
<define-tag version-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-win32-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-win32-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-win32-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-win32-bundle-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-win32-bundle-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-win32-bundle-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-osx-bundle-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-osx-bundle-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-osx-bundle-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-oldosx-bundle-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-oldosx-bundle-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-oldosx-bundle-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-osx-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-osx-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-osx-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-oldosx-stable whitespace=delete>0.2.1.26</define-tag>
-<define-tag version-oldosx-alpha whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-oldosx-alpha whitespace=delete>0.2.2.14-alpha</define-tag>
-<define-tag version-torbrowserbundle whitespace=delete>1.3.6</define-tag>
+<define-tag version-torbrowserbundle whitespace=delete>1.3.9</define-tag>
<define-tag version-torbrowser-tor whitespace=delete>0.2.1.26</define-tag>
<define-tag version-torbrowser-tor-components whitespace=delete>libevent-1.4.13, zlib-1.2.3, openssl-0.9.8l</define-tag>
-<define-tag version-torbrowser-firefox whitespace=delete>3.5.9</define-tag>
+<define-tag version-torbrowser-firefox whitespace=delete>3.5.11</define-tag>
<define-tag version-torbrowser-torbutton whitespace=delete>1.2.5</define-tag>
<define-tag version-torbrowser-polipo whitespace=delete>1.0.4.1</define-tag>
-<define-tag version-torbrowser-pidgin whitespace=delete>2.6.6</define-tag>
+<define-tag version-torbrowser-pidgin whitespace=delete>2.7.2</define-tag>
<define-tag version-torbrowser-otr whitespace=delete>3.2</define-tag>
<define-tag version-torbrowser-vidalia whitespace=delete>0.2.9</define-tag>
-<define-tag version-torimbrowserbundle whitespace=delete>1.3.6</define-tag>
+<define-tag version-torimbrowserbundle whitespace=delete>1.3.9</define-tag>
-<define-tag version-torbrowserbundlelinux whitespace=delete>1.0.7</define-tag>
-<define-tag version-gnu-torbrowser-tor whitespace=delete>0.2.2.13-alpha</define-tag>
+<define-tag version-torbrowserbundlelinux whitespace=delete>1.0.9</define-tag>
+<define-tag version-gnu-torbrowser-tor whitespace=delete>0.2.2.14-alpha</define-tag>
<define-tag version-gnu-torbrowser-tor-components whitespace=delete>libevent-1.4.13, zlib-1.2.3, openssl-0.9.8l</define-tag>
-<define-tag version-gnu-torbrowser-firefox whitespace=delete>3.5.8</define-tag>
+<define-tag version-gnu-torbrowser-firefox whitespace=delete>3.5.10</define-tag>
<define-tag version-gnu-torbrowser-torbutton whitespace=delete>1.2.5</define-tag>
<define-tag version-gnu-torbrowser-polipo whitespace=delete>1.0.4.1</define-tag>
<define-tag version-gnu-torbrowser-vidalia whitespace=delete>0.2.9</define-tag>
+<define-tag version-vidalia-stable whitespace=delete>0.2.9</define-tag>
+
<define-tag version-androidbundle-tor whitespace=delete>0.2.2.13-alpha</define-tag>
-<define-tag version-androidbundle-orbot whitespace=delete>0.0.7</define-tag>
+<define-tag version-androidbundle-orbot whitespace=delete>0.0.8</define-tag>
<define-tag version-androidbundle-privoxy whitespace=delete>privoxy-3.0.12-stable</define-tag>
<define-tag version-androidbundle-libevent whitespace=delete>libevent-1.4.12-stable</define-tag>
<define-tag package-androidbundle-alpha whitespace=delete>dist/android/<version-androidbundle-tor>-orbot-<version-androidbundle-orbot>.apk</define-tag>
@@ -57,7 +59,7 @@
<define-tag package-osx-bundle-alpha whitespace=delete>dist/vidalia-bundles/vidalia-bundle-<version-osx-bundle-alpha>-0.2.9-i386.dmg</define-tag>
<define-tag package-oldosx-bundle-stable whitespace=delete>dist/vidalia-bundles/vidalia-bundle-<version-oldosx-bundle-stable>-0.2.8-ppc.dmg</define-tag>
-<define-tag package-oldosx-bundle-alpha whitespace=delete>dist/vidalia-bundles/vidalia-bundle-<version-oldosx-bundle-alpha>-0.2.8-ppc.dmg</define-tag>
+<define-tag package-oldosx-bundle-alpha whitespace=delete>dist/vidalia-bundles/vidalia-bundle-<version-oldosx-bundle-alpha>-0.2.9-ppc.dmg</define-tag>
<define-tag package-osx-stable whitespace=delete>dist/osx/Tor-<version-osx-stable>-i386-Bundle.dmg</define-tag>
<define-tag package-osx-alpha whitespace=delete>dist/osx/Tor-<version-osx-alpha>-i386-Bundle.dmg</define-tag>
Deleted: website/branches/web20/projects/en/torbutton-faq.wml
===================================================================
--- website/branches/web20/projects/en/torbutton-faq.wml 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/projects/en/torbutton-faq.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -1,356 +0,0 @@
-## translation metadata
-# Revision: $Revision: 0 $
-# Translation-Priority: 3-low
-
-#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"
-<div id="content" class="clearfix">
- <div id="breadcrumbs">
- <a href="<page index>">Home » </a>
- <a href="<page projects/projects>">Projects » </a>
- <a href="<page projects/torbutton>">TorButton » </a>
- <a href="<page projects/torbutton-faq>">TorButton FAQ</a>
- </div>
- <div id="maincol">
- <!-- PUT CONTENT AFTER THIS TAG -->
-
- <h2>Torbutton FAQ</h2>
- <hr />
-
- <h3>Questions</h3>
- <br />
- <ul>
- <li><a href="<page projects/torbutton-faq>#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></li>
- <li><a href="<page projects/torbutton-faq>#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></li>
- <li><a href="<page projects/torbutton-faq>#noflash">I can't view videos on YouTube and other flash-based sites. Why?</a></li>
- <li><a href="<page projects/torbutton-faq>#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find annoying. Can't I just use the old version?</a></li>
- <li><a href="<page projects/torbutton-faq>#weirdstate">My browser is in some weird state where nothing works right!</a></li>
- <li><a href="<page projects/torbutton-faq>#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes for me. Why?</a></li>
- <li><a href="<page projects/torbutton-faq>#thunderbird">What about Thunderbird support? I see a page, but it is the wrong version?</a></li>
- <li><a href="<page projects/torbutton-faq>#extensionconflicts">Which Firefox extensions should I avoid using?</a></li>
- <li><a href="<page projects/torbutton-faq>#recommendedextensions">Which Firefox extensions do you recommend?</a></li>
- <li><a href="<page projects/torbutton-faq>#securityissues">Are there any other issues I should be concerned about?</a></li>
- </ul>
- <br />
-
- <a id="nojavascript"></a>
- <strong><a class="anchor" href="#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></strong>
-
- <p>
- Javascript can do things like wait until you have disabled Tor before trying
- to contact its source site, thus revealing your IP address. As such, Torbutton
- must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor
- state changes from the state that was used to load a given page. These features
- are re-enabled when Torbutton goes back into the state that was used to load
- the page, but in some cases (particularly with Javascript and CSS) it is
- sometimes not possible to fully recover from the resulting errors, and the
- page is broken. Unfortunately, the only thing you can do (and still remain
- safe from having your IP address leak) is to reload the page when you toggle
- Tor, or just ensure you do all your work in a page before switching tor state.
- </p>
-
- <a id="noreloads"></a>
- <strong><a class="anchor" href="#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></strong>
-
- <p>
- Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox
- Bug 409737</a>, pages can still open popups and perform Javascript redirects
- and history access after Tor has been toggled. These popups and redirects can
- be blocked, but unfortunately they are indistinguishable from normal user
- interactions with the page (such as clicking on links, opening them in new
- tabs/windows, or using the history buttons), and so those are blocked as a
- side effect. Once that Firefox bug is fixed, this degree of isolation will
- become optional (for people who do not want to accidentally click on links and
- give away information via referrers). A workaround is to right click on the
- link, and open it in a new tab or window. The tab or window won't load
- automatically, but you can hit enter in the URL bar, and it will begin
- loading. Hitting enter in the URL bar will also reload the page without
- clicking the reload button.
- </p>
-
- <a id="noflash"></a>
- <strong><a class="anchor" href="#noflash">I can't view videos on YouTube and
- other Flash-based sites. Why?</a></strong>
-
- <p>
-
- YouTube and similar sites require third party browser plugins such as Flash.
- Plugins operate independently from Firefox and can perform
- activity on your computer that ruins your anonymity. This includes
- but is not limited to: <a href="http://decloak.net">completely disregarding
- proxy settings</a>, querying your <a
- href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local
- IP address</a>, and <a
- href="http://epic.org/privacy/cookies/flash.html">storing their own
- cookies</a>. It is possible to use a LiveCD or VMWare-based solution such as
- <a href="<page projects/torvm>">Tor VM</a> or <a
- href="https://amnesia.boum.org/">The (Amnesic) Incognito Live System</a> that creates a
- secure, transparent proxy to protect you from proxy bypass, however issues
- with local IP address discovery and Flash cookies still remain. </p>
-
- <p>
-
- If you are not concerned about being tracked by these sites (and sites that
- try to unmask you by pretending to be them), and are unconcerned about your
- local censors potentially noticing you visit them, you can enable plugins by
- going into the Torbutton Preferences->Security Settings->Dynamic Content
- tab and unchecking "Disable plugins during Tor usage" box. If you do this
- without Tor VM, The (Amnesic) Incognito Live System or appropriate
- firewall rules, we strongly suggest you at least use <a
- href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a> to <a
- href="http://noscript.net/features#contentblocking">block plugins</a>. You do
- not need to use the NoScript per-domain permissions if you check the <b>Apply
- these restrictions to trusted sites too</b> option under the NoScript Plugins
- preference tab. In fact, with this setting you can even have NoScript allow
- Javascript globally, but still block all plugins until you click on their
- placeholders in a page. We also recommend <a
- href="https://addons.mozilla.org/en-US/firefox/addon/6623">Better Privacy</a>
- in this case to help you clear your Flash cookies.
-
- </p>
-
- <a id="oldtorbutton"></a>
- <strong><a class="anchor" href="#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find
- annoying. Can't I just use the old version?</a></strong>
-
- <p>
-
- <b>No.</b> Use of the old version, or any other vanilla proxy changer
- (including FoxyProxy -- see below) without Torbutton is actively discouraged.
- Seriously. Using a vanilla proxy switcher by itself is so insecure that you are
- not only just wasting your time, you are also actually endangering yourself.
- <b>Simply do not use Tor</b> and you will have the same (and in some cases,
- better) security. For more information on the types of attacks you are exposed
- to with a "homegrown" solution, please see <a
- href="design/index.html#adversary">The Torbutton
- Adversary Model</a>, in particular the <a
- href="design/index.html#attacks">Adversary
- Capabilities - Attacks</a> subsection. If there are any specific Torbutton
- behaviors that you do not like, please file a bug on <a
- href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">the
- bug tracker.</a> Most of Torbutton's security features can also be disabled via
- its preferences, if you think you have your own protection for those specific
- cases.
-
- </p>
-
- <a id="weirdstate"></a>
- <strong><a class="anchor" href="#weirdstate">My browser is in some weird state where nothing works right!</a></strong>
-
- <p>
- Try to disable Tor by clicking on the button, and then open a new window. If
- that doesn't fix the issue, go to the preferences page and hit 'Restore
- Defaults'. This should reset the extension and Firefox to a known good
- configuration. If you can manage to reproduce whatever issue gets your
- Firefox wedged, please file details at <a
- href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">the
- bug tracker</a>.
- </p>
-
- <a id="noautocomplete"></a>
- <strong><a class="anchor" href="#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes
- for me. Why?</a></strong>
-
- <p>
- Currently, this is tied to the "<b>Block history writes during Tor</b>"
- setting. If you have enabled that setting, all formfill functionality (both
- saving and reading) is disabled. If this bothers you, you can uncheck that
- option, but both history and forms will be saved. To prevent history
- disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor
- history reads if you allow history writing during Tor.
- </p>
-
- <a id="thunderbird"></a>
- <strong><a class="anchor" href="#thunderbird">What about Thunderbird support? I see a page, but it is the wrong
- version?</a></strong>
-
- <p>
- Torbutton used to support basic proxy switching on Thunderbird back in the 1.0
- days, but that support has been removed because it has not been analyzed for
- security. My developer tools page on addons.mozilla.org clearly lists Firefox
- support only, so I don't know why they didn't delete that Thunderbird listing.
- I am not a Thunderbird user and unfortunately, I don't have time to analyze
- the security issues involved with toggling proxy settings in that app. It
- likely suffers from similar (but not identical) state and proxy leak issues
- with html mail, embedded images, javascript, plugins and automatic network
- access. My recommendation is to create a completely separate Thunderbird
- profile for your Tor accounts and use that instead of trying to toggle proxy
- settings. But if you really like to roll fast and loose with your IP, you
- could try another proxy switcher like ProxyButton, SwitchProxy or FoxyProxy
- (if any of those happen to support thunderbird).
- </p>
-
- <a id="extensionconflicts"></a>
- <strong><a class="anchor" href="#extensionconflicts">Which Firefox extensions should I avoid using?</a></strong>
-
- <p>
- This is a tough one. There are thousands of Firefox extensions: making a
- complete list of ones that are bad for anonymity is near impossible. However,
- here are a few examples that should get you started as to what sorts of
- behavior are dangerous.
- </p>
-
- <ol>
- <li>StumbleUpon, et al
- <p>
- These extensions will send all sorts of information about the websites you
- visit to the stumbleupon servers, and correlate this information with a
- unique identifier. This is obviously terrible for your anonymity.
- More generally, any sort of extension that requires registration, or even
- extensions that provide information about websites you visit should be
- suspect.
- </p></li>
- <li>FoxyProxy
- <p>
- While FoxyProxy is a nice idea in theory, in practice it is impossible to
- configure securely for Tor usage without Torbutton. Like all vanilla third
- party proxy plugins, the main risks are <a
- href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>
- and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history
- disclosure</a>, followed closely by cookie theft by exit nodes and tracking by
- adservers (see the <a href="design/index.html#adversary">Torbutton Adversary
- Model</a> for more information). However, with Torbutton installed in tandem
- and always enabled, it is possible to configure FoxyProxy securely (though it
- is tricky). Since FoxyProxy's 'Patterns' mode only applies to specific urls,
- and not to an entire tab, setting FoxyProxy to only send specific sites
- through Tor will still allow adservers (whose hosts don't match your filters) to learn your real IP. Worse, when
- sites use offsite logging services such as Google Analytics, you will
- still end up in their logs with your real IP. Malicious exit nodes can also
- cooperate with sites to inject images into pages that bypass your filters.
- Setting FoxyProxy to only send certain URLs via Non-Tor is much more secure in
- this regard, but be very careful with the filters you allow. For example,
- something as simple as allowing *google* to go via Non-Tor will still cause you to end up
- in all the logs of all websites that use Google Analytics! See
- <a href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this question</a> on
- the FoxyProxy FAQ for more information.
- </p></li>
- </ol>
-
- <a id="recommendedextensions"></a>
- <strong><a class="anchor" href="#recommendedextensions">Which Firefox extensions do you recommend?</a></strong>
- <ol>
- <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a>
- <p>
- Mentioned above, this extension allows more fine-grained referrer spoofing
- than Torbutton currently provides. It should break less sites than Torbutton's
- referrer spoofing option.</p></li>
-
- <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a>
- <p>
- If you use Tor excessively, and rarely disable it, you probably want to
- install this extension to minimize the ability of sites to store long term
- identifiers in your cache. This extension applies same origin policy to the
- cache, so that elements are retrieved from the cache only if they are fetched
- from a document in the same origin domain as the cached element.
- </p></li>
-
- <li><a href="https://addons.mozilla.org/en-US/firefox/addon/6623">Better
- Privacy</a>
- <p>
-
- Better Privacy is an excellent extension that protects you from cookies used
- by Flash applications, which often persist forever and are not clearable via
- normal Firefox "Private Data" clearing. Flash and all other plugins are
- disabled by Torbutton by default, but if you are interested in privacy, you
- may want this extension to allow you to inspect and automatically clear your
- Flash cookies for your Non-Tor usage.
-
- </p>
- </li>
- <li><a href="https://addons.mozilla.org/firefox/addon/1865">AdBlock Plus</a>
- <p>
-
- AdBlock Plus is an excellent addon for removing annoying, privacy-invading,
- and <a
- href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick">malware-distributing</a>
- advertisements from the web. It provides
- <a href="http://adblockplus.org/en/subscriptions">subscriptions</a> that are
- continually updated to catch the latest efforts of ad networks to circumvent
- these filters. I recommend the EasyPrivacy+EasyList combination filter
- subscription in the Miscellaneous section of the subscriptions page.
-
- </p>
- </li>
- <li><a href="https://addons.mozilla.org/firefox/addon/82">Cookie Culler</a>
- <p>
-
- Cookie Culler is a handy extension to give quick access to the cookie manager
- in Firefox. It also provides the ability to protect certain cookies from
- deletion, but unfortunately, this behavior does not integrate well with Torbutton. Kory Kirk is working on addressing this for this Google Summer of Code project for 2009.
-
- </p>
- </li>
-
- <li><a href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a>
- <p>
- Torbutton currently mitigates all known anonymity issues with Javascript.
- However, if you are concerned about Javascript exploits against your browser
- or against websites you are logged in to, you may want to use NoScript. It
- provides the ability to allow Javascript only for particular websites
- and also provides mechanisms to force HTTPS urls for sites with
- <a href="http://fscked.org/category/tags/insecurecookies">insecure
- cookies</a>.<br>
-
- It can be difficult to configure such that the most sites will work
- properly though. In particular, you want to make sure you do not remove
- the Javascript whitelist for
- addons.mozilla.org, as extensions are downloaded via http and verified by
- javascript from the https page.
-
- </p></li>
- <li><a href="https://addons.mozilla.org/en-US/firefox/addon/9727/">Request
- Policy</a>
- <p>
-
- Request Policy is similar to NoScript in that it requires that you configure
- which sites are allowed to load content from other domains. It can be very
- difficult for novice users to configure properly, but it does provide a good
- deal of protection against ads, injected content, and cross-site request
- forgery attacks.
-
- </p>
- </li>
-
- </ol>
-
- <a id="securityissues"></a>
- <strong><a class="anchor" href="#securityissues">Are there any other issues I should be concerned about?</a></strong>
-
- <p>
- There are a few known security issues with Torbutton (all of which are due to
- <a href="design/index.html#FirefoxBugs">unfixed
- Firefox security bugs</a>). The most important for anonymity is that it is
- possible to unmask the javascript hooks that wrap the Date object to conceal
- your timezone in Firefox 2, and the timezone masking code does not work at all
- on Firefox 3. We are working with the Firefox team to fix one of <a
- href="https://bugzilla.mozilla.org/show_bug.cgi?id=392274">Bug 399274</a> or
- <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=419598">Bug 419598</a>
- to address this. In the meantime, it is possible to set the <b>TZ</b>
- environment variable to <b>UTC</b> to cause the browser to use UTC as your
- timezone. Under Linux, you can add an <b>export TZ=UTC</b> to the
- /usr/bin/firefox script, or edit your system bashrc to do the same. Under
- Windows, you can set either a <a
- href="http://support.microsoft.com/kb/310519">User or System Environment
- Variable</a> for TZ via My Computer's properties. In MacOS, the situation is
- <a
- href="http://developer.apple.com/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/EnvironmentVars.html#//apple_ref/doc/uid/20002093-BCIJIJBH">a
- lot more complicated</a>, unfortunately.
- </p>
-
- <p>
- In addition, RSS readers such as Firefox Livemarks can perform
- periodic fetches. Due to <a
- href="https://bugzilla.mozilla.org/show_bug.cgi?id=436250">Firefox Bug
- 436250</a>, there is no way to disable Livemark fetches during Tor. This can
- be a problem if you have a lot of custom Livemark urls that can give away
- information about your identity.
- </p>
- </div>
- <!-- END MAINCOL -->
- <div id = "sidecol">
-#include "side.wmi"
-#include "info.wmi"
- </div>
- <!-- END SIDECOL -->
-</div>
-<!-- END CONTENT -->
-#include <foot.wmi>
Deleted: website/branches/web20/projects/en/torbutton-options.wml
===================================================================
--- website/branches/web20/projects/en/torbutton-options.wml 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/projects/en/torbutton-options.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -1,274 +0,0 @@
-## translation metadata
-# Revision: $Revision: 0 $
-# Translation-Priority: 3-low
-
-#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"
-<div id="content" class="clearfix">
- <div id="breadcrumbs">
- <a href="<page index>">Home » </a>
- <a href="<page projects/projects>">Projects » </a>
- <a href="<page projects/torbutton>">TorButton » </a>
- <a href="<page projects/torbutton-options>">TorButton Options</a>
- </div>
- <div id="maincol">
- <!-- PUT CONTENT AFTER THIS TAG -->
-
- <h2>Torbutton Options</h2>
- <hr />
-
- <p>Torbutton 1.2.0 adds several new security features to protect your
- anonymity from all the major threats we know about. The defaults should be
- fine (and safest!) for most people, but in case you are the tweaker type,
- or if you prefer to try to outsource some options to more flexible extensions,
- here is the complete list. (In an ideal world, these descriptions should all be
- tooltips in the extension itself, but Firefox bugs <a
- href="https://bugzilla.mozilla.org/show_bug.cgi?id=45375">45375</a> and <a
- href="https://bugzilla.mozilla.org/show_bug.cgi?id=218223">218223</a> currently
- prevent this.)</p>
-
- <ul>
- <li>Disable plugins on Tor Usage (crucial)<p>
-
- This option is key to Tor security. Plugins perform their own networking
- independent of the browser, and many plugins only partially obey even their own
- proxy settings.
- </p></li>
- <li>Isolate Dynamic Content to Tor State (crucial)<p>
-
- Another crucial option, this setting causes the plugin to disable Javascript
- on tabs that are loaded during a Tor state different than the current one,
- to prevent delayed fetches of injected URLs that contain unique identifiers,
- and to prevent meta-refresh tags from revealing your IP when you turn off
- Tor. It also prevents all fetches from tabs loaded with an opposite Tor
- state. This serves to block non-Javascript dynamic content such as CSS
- popups from revealing your IP address if you disable Tor.
- </p></li>
- <li>Hook Dangerous Javascript (crucial)<p>
-
- This setting enables the Javascript hooking code. Javascript is injected into
- pages to hook the Date object to mask your timezone, and to hook the navigator
- object to mask OS and user agent properties not handled by the standard
- Firefox user agent override settings.
- </p></li>
- <li>Resize window dimensions to multiples of 50px on toggle (recommended)<p>
-
- To cut down on the amount of state available to fingerprint users uniquely,
- this pref causes windows to be resized to a multiple of 50 pixels on each
- side when Tor is enabled and pages are loaded.
- </p></li>
- <li>Disable Updates During Tor (recommended)<p>
-
- Under Firefox 2, many extension authors did not update their extensions from
- SSL-enabled websites. It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to
- existing extensions. Since Firefox 3 now enforces encrypted and/or
- authenticated updates, this setting is no longer as important as it once
- was (though updates do leak information about which extensions you have, it is
- fairly infrequent).
- </p></li>
- <li>Disable Search Suggestions during Tor (optional)<p>
-
- This optional setting governs if you get Google search suggestions during Tor
- usage. Since no cookie is transmitted during search suggestions, this is a
- relatively benign behavior.
- </p></li>
- <li>Block Livemarks updates during Tor usage (recommended)<p>
-
- This setting causes Torbutton to disable your <a
- href="http://www.mozilla.com/firefox/livebookmarks.html">Live bookmark</a>
- updates. Since most people use Live bookmarks for RSS feeds from their blog,
- their friends' blogs, the wikipedia page they edit, and other such things,
- these updates probably should not happen over Tor. This feature takes effect
- in Firefox 3.5 and above only.
-
- </p></li>
- <li>Block Tor/Non-Tor access to network from file:// urls (recommended)<p>
-
- These settings prevent local html documents from transmitting local files to
- arbitrary websites <a href="http://www.gnucitizen.org/blog/content-disposition-hacking/">under Firefox 2</a>. Since exit nodes can insert headers that
- force the browser to save arbitrary pages locally (and also inject script into
- arbitrary html files you save to disk via Tor), it is probably a good idea to
- leave this setting on.
- </p></li>
- <li>Close all Non-Tor/Tor windows and tabs on toggle (optional)<p>
-
- These two settings allow you to obtain a greater degree of assurance that
- after you toggle out of Tor, the pages are really gone and can't perform any
- extra network activity. Currently, there is no known way that pages can still
- perform activity after toggle, but these options exist as a backup measure
- just in case a flaw is discovered. They can also serve as a handy 'Boss
- Button' feature for clearing all Tor browsing off your screen in a hurry.
- </p></li>
- <li>Isolate access to history navigation to Tor state (crucial)<p>
-
- This setting prevents both Javascript and accidental user clicks from causing
- the session history to load pages that were fetched in a different Tor state
- than the current one. Since this can be used to correlate Tor and Non-Tor
- activity and thus determine your IP address, it is marked as a crucial
- setting.
- </p></li>
- <li>Block History Reads during Tor (crucial)<p>
-
- Based on code contributed by <a href="http://www.collinjackson.com/">Collin
- Jackson</a>, when enabled and Tor is enabled, this setting prevents the
- rendering engine from knowing if certain links were visited. This mechanism
- defeats all document-based history disclosure attacks, including CSS-only
- attacks.
- </p></li>
- <li>Block History Reads during Non-Tor (recommended)<p>
-
- This setting accomplishes the same but for your Non-Tor activity.
- </p></li>
- <li>Block History Writes during Tor (recommended)<p>
-
- This setting prevents the rendering engine from recording visited URLs, and
- also disables download manager history. Note that if you allow writing of Tor history,
- it is recommended that you disable non-Tor history reads, since malicious
- websites you visit without Tor can query your history for .onion sites and
- other history recorded during Tor usage (such as Google queries).
- </p></li>
- <li>Block History Writes during Non-Tor (optional)<p>
-
- This setting also disables recording any history information during Non-Tor
- usage.
- </p></li>
- <li>Clear History During Tor Toggle (optional)<p>
-
- This is an alternate setting to use instead of (or in addition to) blocking
- history reads or writes.
- </p></li>
- <li>Block Password+Form saving during Tor/Non-Tor<p>
-
- These options govern if the browser writes your passwords and search
- submissions to disk for the given state.
- </p></li>
- <li>Block Tor disk cache and clear all cache on Tor Toggle<p>
-
- Since the browser cache can be leveraged to store unique identifiers, cache
- must not persist across Tor sessions. This option keeps the memory cache active
- during Tor usage for performance, but blocks disk access for caching.
- </p></li>
- <li>Block disk and memory cache during Tor<p>
-
- This setting entirely blocks the cache during Tor, but preserves it for
- Non-Tor usage.
- </p></li>
- <li>Clear Cookies on Tor Toggle<p>
-
- Fully clears all cookies on Tor toggle.
- </p></li>
- <li>Store Non-Tor cookies in a protected jar<p>
-
- This option stores your persistent Non-Tor cookies in a special cookie jar
- file, in case you wish to preserve some cookies. Based on code contributed
- by <a href="http://www.collinjackson.com/">Collin Jackson</a>. It is
- compatible with third party extensions that you use to manage your Non-Tor
- cookies. Your Tor cookies will be cleared on toggle, of course.
- </p></li>
- <li>Store both Non-Tor and Tor cookies in a protected jar (dangerous)<p>
-
- This option stores your persistent Tor and Non-Tor cookies
- separate cookie jar files. Note that it is a bad idea to keep Tor
- cookies around for any length of time, as they can be retrieved by exit
- nodes that inject spoofed forms into plaintext pages you fetch.
- </p></li>
- <li>Manage My Own Cookies (dangerous)<p>
-
- This setting allows you to manage your own cookies with an alternate
- extension, such as <a href="https://addons.mozilla.org/firefox/addon/82">CookieCuller</a>. Note that this is particularly dangerous,
- since malicious exit nodes can spoof document elements that appear to be from
- sites you have preserved cookies for (and can then do things like fetch your
- entire gmail inbox, even if you were not using gmail or visiting any google
- pages at the time!).
- </p></li>
- <li>Do not write Tor/Non-Tor cookies to disk<p>
-
- These settings prevent Firefox from writing any cookies to disk during the
- corresponding Tor state. If cookie jars are enabled, those jars will
- exist in memory only, and will be cleared when Firefox exits.
- </p></li>
- <li>Disable DOM Storage during Tor usage (crucial)<p>
-
- Firefox has recently added the ability to store additional state and
- identifiers in persistent tables, called <a
- href="http://developer.mozilla.org/docs/DOM:Storage">DOM Storage</a>.
- Obviously this can compromise your anonymity if stored content can be
- fetched across Tor-state.
- </p></li>
- <li>Clear HTTP auth sessions (recommended)<p>
-
- HTTP authentication credentials can be probed by exit nodes and used to both confirm that you visit a certain site that uses HTTP auth, and also impersonate you on this site.
- </p></li>
- <li>Clear cookies on Tor/Non-Tor shutdown<p>
-
- These settings install a shutdown handler to clear cookies on Tor
- and/or Non-Tor browser shutdown. It is independent of your Clear Private Data
- settings, and does in fact clear the corresponding cookie jars.
- </p></li>
- <li>Prevent session store from saving Tor-loaded tabs (recommended)<p>
-
- This option augments the session store to prevent it from writing out
- Tor-loaded tabs to disk. Unfortunately, this also disables your ability to
- undo closed tabs. The reason why this setting is recommended is because
- after a session crash, your browser will be in an undefined Tor state, and
- can potentially load a bunch of Tor tabs without Tor. The following option
- is another alternative to protect against this.
- </p></li>
- <li>On normal startup, set state to: Tor, Non-Tor, Shutdown State<p>
-
- This setting allows you to choose which Tor state you want the browser to
- start in normally: Tor, Non-Tor, or whatever state the browser shut down in.
- </p></li>
- <li>On crash recovery or session restored startup, restore via: Tor, Non-Tor<p>
-
- When Firefox crashes, the Tor state upon restart usually is completely
- random, and depending on your choice for the above option, may load
- a bunch of tabs in the wrong state. This setting allows you to choose
- which state the crashed session should always be restored in to.
- </p></li>
- <li>Prevent session store from saving Non-Tor/Tor-loaded tabs<p>
-
- These two settings allow you to control what the Firefox Session Store
- writes to disk. Since the session store state is used to automatically
- load websites after a crash or upgrade, it is advisable not to allow
- Tor tabs to be written to disk, or they may get loaded in Non-Tor
- after a crash (or the reverse, depending upon the crash recovery setting,
- of course).
- </p></li>
- <li>Set user agent during Tor usage (crucial)<p>
-
- User agent masking is done with the idea of making all Tor users appear
- uniform. A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this
- string and supporting navigator.* properties, and this version will remain the
- same for all TorButton versions until such time as specific incompatibility
- issues are demonstrated. Uniformity of this value is obviously very important
- to anonymity. Note that for this option to have full effectiveness, the user
- must also allow Hook Dangerous Javascript ensure that the navigator.*
- properties are reset correctly. The browser does not set some of them via the
- exposed user agent override preferences.
- </p></li>
- <li>Spoof US English Browser<p>
-
- This option causes Firefox to send http headers as if it were an English
- browser. Useful for internationalized users.
- </p></li>
- <li>Don't send referrer during Tor Usage<p>
-
- This option disables the referrer header, preventing sites from determining
- where you came from to visit them. This can break some sites, however. <a
- href="http://www.digg.com">Digg</a> in particular seemed to be broken by this.
- A more streamlined, less intrusive version of this option should be available
- eventually. In the meantime, <a
- href="https://addons.mozilla.org/firefox/addon/953">RefControl</a> can
- provide this functionality via a default option of <b>Forge</b>.
- </p></li>
- </ul>
- </div>
- <!-- END MAINCOL -->
- <div id = "sidecol">
-#include "side.wmi"
-#include "info.wmi"
- </div>
- <!-- END SIDECOL -->
-</div>
-<!-- END CONTENT -->
-#include <foot.wmi>
Deleted: website/branches/web20/projects/en/torbutton.wml
===================================================================
--- website/branches/web20/projects/en/torbutton.wml 2010-08-18 11:56:02 UTC (rev 22943)
+++ website/branches/web20/projects/en/torbutton.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -1,156 +0,0 @@
-## translation metadata
-# Revision: $Revision: 0 $
-# Translation-Priority: 3-low
-
-#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"
-<div id="content" class="clearfix">
- <div id="breadcrumbs">
- <a href="<page index>">Home » </a>
- <a href="<page projects/projects>">Projects » </a>
- <a href="<page projects/torbutton>">TorButton</a>
- </div>
- <div id="maincol">
- <!-- PUT CONTENT AFTER THIS TAG -->
-
- <link rel="search" type="application/opensearchdescription+xml" title="Google Canada" href="search/google-ca.xml"/>
- <link rel="search" type="application/opensearchdescription+xml" title="Google UK" href="search/google-uk.xml" />
- <link rel="search" type="application/opensearchdescription+xml" title="Google USA" href="search/google-us.xml"/>
- <script type="text/javascript">
-
- function addSearchProvider(prov) {
-
- try {
- window.external.AddSearchProvider(prov);
- }
-
- catch (e) {
- alert("Search plugins require Firefox 2");
- return;
- }
- }
-
- function addEngine(name,ext,cat,pid)
- {
- if ((typeof window.sidebar == "object") && (typeof window.sidebar.addSearchEngine == "function")) {
- window.sidebar.addSearchEngine(
- "http://mycroft.mozdev.org/install.php/" + pid + "/" + name + ".src",
- "http://mycroft.mozdev.org/install.php/" + pid + "/" + name + "."+ ext, name, cat );
- } else {
- alert("You will need a browser which supports Sherlock to install this plugin.");
- }
- }
-
- function addOpenSearch(name,ext,cat,pid,meth)
- {
- if ((typeof window.external == "object") && ((typeof window.external.AddSearchProvider == "unknown") || (typeof window.external.AddSearchProvider == "function"))) {
- if ((typeof window.external.AddSearchProvider == "unknown") && meth == "p") {
- alert("This plugin uses POST which is not currently supported by Internet Explorer's implementation of OpenSearch.");
- } else {
- window.external.AddSearchProvider(
- "http://mycroft.mozdev.org/installos.php/" + pid + "/" + name + ".xml");
- }
- } else {
- alert("You will need a browser which supports OpenSearch to install this plugin.");
- }
- }
-
- function addOpenSearch2(name,ext,cat,pid,meth)
- {
- if ((typeof window.external == "object") && ((typeof window.external.AddSearchProvider == "unknown") || (typeof window.external.AddSearchProvider == "function"))) {
- if ((typeof window.external.AddSearchProvider == "unknown") && meth == "p") {
- alert("This plugin uses POST which is not currently supported by Internet Explorer's implementation of OpenSearch.");
- } else {
- window.external.AddSearchProvider(
- "http://torbutton.torproject.org/dev/search/" + name + ".xml");
- }
- } else {
- alert("You will need a browser which supports OpenSearch to install this plugin.");
- }
- }
-
- function install (aEvent)
- {
- var params = {
- "Torbutton": { URL: aEvent.target.href,
- Hash: aEvent.target.getAttribute("hash"),
- toString: function () { return this.URL; }
- }
- };
- InstallTrigger.install(params);
-
- return false;
- }
-
-
- </script>
-
- <h2>Torbutton</h2>
- <hr />
-
- <strong>Current version:</strong><version-torbutton><br/>
- <br/>
- <strong>Authors:</strong> Mike Perry & Scott Squires<br/>
- <br/>
- <strong>Install:</strong> Click to
- <a href="http://www.torproject.org/torbutton/torbutton-current.xpi"
- hash="<version-hash-torbutton>"
- onclick="return install(event);">install from this website</a> or
- <a href="https://addons.mozilla.org/en-US/firefox/downloads/latest/2275/addon-2275-latest.xpi?src=addondetail">install from Mozilla's Add-On site</a><br/>
- <strong>Past Releases:</strong> <a href="releases/">Local</a><br/>
- <strong>Developer Documentation:</strong> <a href="design/">Torbutton Design Document</a> and <a href="design/MozillaBrownBag.pdf">Slides (Not actively updated)</a><br/>
- <strong>Extras:</strong>
-
- Google search plugins for
-
- <a href="/jsreq.html" title="Ref: 14938 (googleCA)"
- onClick="addOpenSearch('GoogleCanada','ico','General','14937','g');return false">Google CA</a>, and
-
- <a href="/jsreq.html" title="Ref: 14938 (googleCA)"
- onClick="addOpenSearch('googleuk_web','png','General','14445','g');return false">Google UK</a>.
- <br/>
- <strong>Source:</strong> You can <a
- href="https://gitweb.torproject.org/torbutton.git">browse the
- repository</a> or simply unzip the xpi.
- <br/>
- <strong>Bug Reports:</strong> <a href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">Torproject flyspray</a><br/>
- <strong>Documents:</strong> <b>[</b> <a href="<page projects/torbutton-faq>">FAQ</a> <b>|</b>
- <a href="https://git.torproject.org/checkout/torbutton/master/src/CHANGELOG">changelog</a> <b>|</b>
- <a href="https://git.torproject.org/checkout/torbutton/master/src/LICENSE">license</a> <b>|</b>
- <a href="https://git.torproject.org/checkout/torbutton/master/src/CREDITS">credits</a> <b>]</b><br/>
-
- <br/>
-
- <p>
- Torbutton is a 1-click way for Firefox users to enable or disable
- the browser's use of <a href="<page index>">Tor</a>.
- It adds a panel to the statusbar that says "Tor Enabled" (in green) or
- "Tor Disabled" (in red). The user may click on the panel to toggle
- the status. If the user (or some other extension) changes the proxy
- settings, the change is automatically reflected in the statusbar.
- </p>
-
- <p>
- To keep you safe, Torbutton disables many types of active content. You
- can learn more from the <a href="<page projects/torbutton-faq>">Torbutton FAQ</a>,
- or read more details in the <a href="<page projects/torbutton-options>">Torbutton
- options</a> list.
- </p>
-
- <p>
- Some users may prefer a toolbar button instead of a statusbar panel.
- Torbutton lets you add a toolbar button by right-clicking
- on the desired toolbar, selecting "Customize...", and then dragging the
- Torbutton icon onto the toolbar. There is an option in the preferences
- to hide the statusbar panel (Tools->Extensions, select Torbutton,
- and click on Preferences).
- </p>
- </div>
- <!-- END MAINCOL -->
- <div id = "sidecol">
-#include "side.wmi"
-#include "info.wmi"
- </div>
- <!-- END SIDECOL -->
-</div>
-<!-- END CONTENT -->
-#include <foot.wmi>
Copied: website/branches/web20/torbutton/Makefile (from rev 22942, website/branches/web20/projects/Makefile)
===================================================================
--- website/branches/web20/torbutton/Makefile (rev 0)
+++ website/branches/web20/torbutton/Makefile 2010-08-18 12:06:31 UTC (rev 22944)
@@ -0,0 +1 @@
+include $(WMLBASE)/Makefile.common
Copied: website/branches/web20/torbutton/en/index.wml (from rev 22942, website/branches/web20/projects/en/torbutton.wml)
===================================================================
--- website/branches/web20/torbutton/en/index.wml (rev 0)
+++ website/branches/web20/torbutton/en/index.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -0,0 +1,155 @@
+## translation metadata
+# Revision: $Revision: 0 $
+# Translation-Priority: 3-low
+
+#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"
+<div id="content" class="clearfix">
+ <div id="breadcrumbs">
+ <a href="<page index>">Home » </a>
+ <a href="<page torbutton>">TorButton</a>
+ </div>
+ <div id="maincol">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+
+ <link rel="search" type="application/opensearchdescription+xml" title="Google Canada" href="search/google-ca.xml"/>
+ <link rel="search" type="application/opensearchdescription+xml" title="Google UK" href="search/google-uk.xml" />
+ <link rel="search" type="application/opensearchdescription+xml" title="Google USA" href="search/google-us.xml"/>
+ <script type="text/javascript">
+
+ function addSearchProvider(prov) {
+
+ try {
+ window.external.AddSearchProvider(prov);
+ }
+
+ catch (e) {
+ alert("Search plugins require Firefox 2");
+ return;
+ }
+ }
+
+ function addEngine(name,ext,cat,pid)
+ {
+ if ((typeof window.sidebar == "object") && (typeof window.sidebar.addSearchEngine == "function")) {
+ window.sidebar.addSearchEngine(
+ "http://mycroft.mozdev.org/install.php/" + pid + "/" + name + ".src",
+ "http://mycroft.mozdev.org/install.php/" + pid + "/" + name + "."+ ext, name, cat );
+ } else {
+ alert("You will need a browser which supports Sherlock to install this plugin.");
+ }
+ }
+
+ function addOpenSearch(name,ext,cat,pid,meth)
+ {
+ if ((typeof window.external == "object") && ((typeof window.external.AddSearchProvider == "unknown") || (typeof window.external.AddSearchProvider == "function"))) {
+ if ((typeof window.external.AddSearchProvider == "unknown") && meth == "p") {
+ alert("This plugin uses POST which is not currently supported by Internet Explorer's implementation of OpenSearch.");
+ } else {
+ window.external.AddSearchProvider(
+ "http://mycroft.mozdev.org/installos.php/" + pid + "/" + name + ".xml");
+ }
+ } else {
+ alert("You will need a browser which supports OpenSearch to install this plugin.");
+ }
+ }
+
+ function addOpenSearch2(name,ext,cat,pid,meth)
+ {
+ if ((typeof window.external == "object") && ((typeof window.external.AddSearchProvider == "unknown") || (typeof window.external.AddSearchProvider == "function"))) {
+ if ((typeof window.external.AddSearchProvider == "unknown") && meth == "p") {
+ alert("This plugin uses POST which is not currently supported by Internet Explorer's implementation of OpenSearch.");
+ } else {
+ window.external.AddSearchProvider(
+ "http://torbutton.torproject.org/dev/search/" + name + ".xml");
+ }
+ } else {
+ alert("You will need a browser which supports OpenSearch to install this plugin.");
+ }
+ }
+
+ function install (aEvent)
+ {
+ var params = {
+ "Torbutton": { URL: aEvent.target.href,
+ Hash: aEvent.target.getAttribute("hash"),
+ toString: function () { return this.URL; }
+ }
+ };
+ InstallTrigger.install(params);
+
+ return false;
+ }
+
+
+ </script>
+
+ <h2>Torbutton</h2>
+ <hr />
+
+ <strong>Current version:</strong><version-torbutton><br/>
+ <br/>
+ <strong>Authors:</strong> Mike Perry & Scott Squires<br/>
+ <br/>
+ <strong>Install:</strong> Click to
+ <a href="http://www.torproject.org/torbutton/torbutton-current.xpi"
+ hash="<version-hash-torbutton>"
+ onclick="return install(event);">install from this website</a> or
+ <a href="https://addons.mozilla.org/en-US/firefox/downloads/latest/2275/addon-2275-latest.xpi?src=addondetail">install from Mozilla's Add-On site</a><br/>
+ <strong>Past Releases:</strong> <a href="releases/">Local</a><br/>
+ <strong>Developer Documentation:</strong> <a href="design/">Torbutton Design Document</a> and <a href="design/MozillaBrownBag.pdf">Slides (Not actively updated)</a><br/>
+ <strong>Extras:</strong>
+
+ Google search plugins for
+
+ <a href="/jsreq.html" title="Ref: 14938 (googleCA)"
+ onClick="addOpenSearch('GoogleCanada','ico','General','14937','g');return false">Google CA</a>, and
+
+ <a href="/jsreq.html" title="Ref: 14938 (googleCA)"
+ onClick="addOpenSearch('googleuk_web','png','General','14445','g');return false">Google UK</a>.
+ <br/>
+ <strong>Source:</strong> You can <a
+ href="https://gitweb.torproject.org/torbutton.git">browse the
+ repository</a> or simply unzip the xpi.
+ <br/>
+ <strong>Bug Reports:</strong> <a href="https://trac.torproject.org/">Torproject Bug Tracker</a><br/>
+ <strong>Documents:</strong> <b>[</b> <a href="<page torbutton/torbutton-faq>">FAQ</a> <b>|</b>
+ <a href="https://git.torproject.org/checkout/torbutton/master/src/CHANGELOG">changelog</a> <b>|</b>
+ <a href="https://git.torproject.org/checkout/torbutton/master/src/LICENSE">license</a> <b>|</b>
+ <a href="https://git.torproject.org/checkout/torbutton/master/src/CREDITS">credits</a> <b>]</b><br/>
+
+ <br/>
+
+ <p>
+ Torbutton is a 1-click way for Firefox users to enable or disable
+ the browser's use of <a href="<page index>">Tor</a>.
+ It adds a panel to the statusbar that says "Tor Enabled" (in green) or
+ "Tor Disabled" (in red). The user may click on the panel to toggle
+ the status. If the user (or some other extension) changes the proxy
+ settings, the change is automatically reflected in the statusbar.
+ </p>
+
+ <p>
+ To keep you safe, Torbutton disables many types of active content. You
+ can learn more from the <a href="<page torbutton/torbutton-faq>">Torbutton FAQ</a>,
+ or read more details in the <a href="<page torbutton/torbutton-options>">Torbutton
+ options</a> list.
+ </p>
+
+ <p>
+ Some users may prefer a toolbar button instead of a statusbar panel.
+ Torbutton lets you add a toolbar button by right-clicking
+ on the desired toolbar, selecting "Customize...", and then dragging the
+ Torbutton icon onto the toolbar. There is an option in the preferences
+ to hide the statusbar panel (Tools->Extensions, select Torbutton,
+ and click on Preferences).
+ </p>
+ </div>
+ <!-- END MAINCOL -->
+ <div id = "sidecol">
+#include "side.wmi"
+#include "info.wmi"
+ </div>
+ <!-- END SIDECOL -->
+</div>
+<!-- END CONTENT -->
+#include <foot.wmi>
Copied: website/branches/web20/torbutton/en/torbutton-faq.wml (from rev 22942, website/branches/web20/projects/en/torbutton-faq.wml)
===================================================================
--- website/branches/web20/torbutton/en/torbutton-faq.wml (rev 0)
+++ website/branches/web20/torbutton/en/torbutton-faq.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -0,0 +1,353 @@
+## translation metadata
+# Revision: $Revision: 0 $
+# Translation-Priority: 3-low
+
+#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"
+<div id="content" class="clearfix">
+ <div id="breadcrumbs">
+ <a href="<page index>">Home » </a>
+ <a href="<page torbutton/>">TorButton » </a>
+ <a href="<page torbutton/torbutton-faq>">TorButton FAQ</a>
+ </div>
+ <div id="maincol">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+
+ <h2>Torbutton FAQ</h2>
+ <hr />
+
+ <h3>Questions</h3>
+ <br />
+ <ul>
+ <li><a href="<page torbutton/torbutton-faq>#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#noflash">I can't view videos on YouTube and other flash-based sites. Why?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find annoying. Can't I just use the old version?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#weirdstate">My browser is in some weird state where nothing works right!</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes for me. Why?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#thunderbird">What about Thunderbird support? I see a page, but it is the wrong version?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#extensionconflicts">Which Firefox extensions should I avoid using?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#recommendedextensions">Which Firefox extensions do you recommend?</a></li>
+ <li><a href="<page torbutton/torbutton-faq>#securityissues">Are there any other issues I should be concerned about?</a></li>
+ </ul>
+ <br />
+
+ <a id="nojavascript"></a>
+ <strong><a class="anchor" href="#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></strong>
+
+ <p>
+ Javascript can do things like wait until you have disabled Tor before trying
+ to contact its source site, thus revealing your IP address. As such, Torbutton
+ must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor
+ state changes from the state that was used to load a given page. These features
+ are re-enabled when Torbutton goes back into the state that was used to load
+ the page, but in some cases (particularly with Javascript and CSS) it is
+ sometimes not possible to fully recover from the resulting errors, and the
+ page is broken. Unfortunately, the only thing you can do (and still remain
+ safe from having your IP address leak) is to reload the page when you toggle
+ Tor, or just ensure you do all your work in a page before switching tor state.
+ </p>
+
+ <a id="noreloads"></a>
+ <strong><a class="anchor" href="#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></strong>
+
+ <p>
+ Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox
+ Bug 409737</a>, pages can still open popups and perform Javascript redirects
+ and history access after Tor has been toggled. These popups and redirects can
+ be blocked, but unfortunately they are indistinguishable from normal user
+ interactions with the page (such as clicking on links, opening them in new
+ tabs/windows, or using the history buttons), and so those are blocked as a
+ side effect. Once that Firefox bug is fixed, this degree of isolation will
+ become optional (for people who do not want to accidentally click on links and
+ give away information via referrers). A workaround is to right click on the
+ link, and open it in a new tab or window. The tab or window won't load
+ automatically, but you can hit enter in the URL bar, and it will begin
+ loading. Hitting enter in the URL bar will also reload the page without
+ clicking the reload button.
+ </p>
+
+ <a id="noflash"></a>
+ <strong><a class="anchor" href="#noflash">I can't view videos on YouTube and
+ other Flash-based sites. Why?</a></strong>
+
+ <p>
+
+ YouTube and similar sites require third party browser plugins such as Flash.
+ Plugins operate independently from Firefox and can perform
+ activity on your computer that ruins your anonymity. This includes
+ but is not limited to: <a href="http://decloak.net">completely disregarding
+ proxy settings</a>, querying your <a
+ href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local
+ IP address</a>, and <a
+ href="http://epic.org/privacy/cookies/flash.html">storing their own
+ cookies</a>. It is possible to use a LiveCD solution such as
+ or <a href="https://amnesia.boum.org/">The (Amnesic) Incognito Live System</a> that creates a
+ secure, transparent proxy to protect you from proxy bypass, however issues
+ with local IP address discovery and Flash cookies still remain. </p>
+
+ <p>
+
+ If you are not concerned about being tracked by these sites (and sites that
+ try to unmask you by pretending to be them), and are unconcerned about your
+ local censors potentially noticing you visit them, you can enable plugins by
+ going into the Torbutton Preferences->Security Settings->Dynamic Content
+ tab and unchecking "Disable plugins during Tor usage" box. If you do this
+ without Tor VM, The (Amnesic) Incognito Live System or appropriate
+ firewall rules, we strongly suggest you at least use <a
+ href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a> to <a
+ href="http://noscript.net/features#contentblocking">block plugins</a>. You do
+ not need to use the NoScript per-domain permissions if you check the <b>Apply
+ these restrictions to trusted sites too</b> option under the NoScript Plugins
+ preference tab. In fact, with this setting you can even have NoScript allow
+ Javascript globally, but still block all plugins until you click on their
+ placeholders in a page. We also recommend <a
+ href="https://addons.mozilla.org/en-US/firefox/addon/6623">Better Privacy</a>
+ in this case to help you clear your Flash cookies.
+
+ </p>
+
+ <a id="oldtorbutton"></a>
+ <strong><a class="anchor" href="#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find
+ annoying. Can't I just use the old version?</a></strong>
+
+ <p>
+
+ <b>No.</b> Use of the old version, or any other vanilla proxy changer
+ (including FoxyProxy -- see below) without Torbutton is actively discouraged.
+ Seriously. Using a vanilla proxy switcher by itself is so insecure that you are
+ not only just wasting your time, you are also actually endangering yourself.
+ <b>Simply do not use Tor</b> and you will have the same (and in some cases,
+ better) security. For more information on the types of attacks you are exposed
+ to with a "homegrown" solution, please see <a
+ href="design/index.html#adversary">The Torbutton
+ Adversary Model</a>, in particular the <a
+ href="design/index.html#attacks">Adversary
+ Capabilities - Attacks</a> subsection. If there are any specific Torbutton
+ behaviors that you do not like, please file a bug on <a
+ href="https://trac.torproject.org/">the
+ bug tracker.</a> Most of Torbutton's security features can also be disabled via
+ its preferences, if you think you have your own protection for those specific
+ cases.
+
+ </p>
+
+ <a id="weirdstate"></a>
+ <strong><a class="anchor" href="#weirdstate">My browser is in some weird state where nothing works right!</a></strong>
+
+ <p>
+ Try to disable Tor by clicking on the button, and then open a new window. If
+ that doesn't fix the issue, go to the preferences page and hit 'Restore
+ Defaults'. This should reset the extension and Firefox to a known good
+ configuration. If you can manage to reproduce whatever issue gets your
+ Firefox wedged, please file details at <a
+ href="https://trac.torproject.org/">the bug tracker</a>.
+ </p>
+
+ <a id="noautocomplete"></a>
+ <strong><a class="anchor" href="#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes
+ for me. Why?</a></strong>
+
+ <p>
+ Currently, this is tied to the "<b>Block history writes during Tor</b>"
+ setting. If you have enabled that setting, all formfill functionality (both
+ saving and reading) is disabled. If this bothers you, you can uncheck that
+ option, but both history and forms will be saved. To prevent history
+ disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor
+ history reads if you allow history writing during Tor.
+ </p>
+
+ <a id="thunderbird"></a>
+ <strong><a class="anchor" href="#thunderbird">What about Thunderbird support? I see a page, but it is the wrong
+ version?</a></strong>
+
+ <p>
+ Torbutton used to support basic proxy switching on Thunderbird back in the 1.0
+ days, but that support has been removed because it has not been analyzed for
+ security. My developer tools page on addons.mozilla.org clearly lists Firefox
+ support only, so I don't know why they didn't delete that Thunderbird listing.
+ I am not a Thunderbird user and unfortunately, I don't have time to analyze
+ the security issues involved with toggling proxy settings in that app. It
+ likely suffers from similar (but not identical) state and proxy leak issues
+ with html mail, embedded images, javascript, plugins and automatic network
+ access. My recommendation is to create a completely separate Thunderbird
+ profile for your Tor accounts and use that instead of trying to toggle proxy
+ settings. But if you really like to roll fast and loose with your IP, you
+ could try another proxy switcher like ProxyButton, SwitchProxy or FoxyProxy
+ (if any of those happen to support thunderbird).
+ </p>
+
+ <a id="extensionconflicts"></a>
+ <strong><a class="anchor" href="#extensionconflicts">Which Firefox extensions should I avoid using?</a></strong>
+
+ <p>
+ This is a tough one. There are thousands of Firefox extensions: making a
+ complete list of ones that are bad for anonymity is near impossible. However,
+ here are a few examples that should get you started as to what sorts of
+ behavior are dangerous.
+ </p>
+
+ <ol>
+ <li>StumbleUpon, et al
+ <p>
+ These extensions will send all sorts of information about the websites you
+ visit to the stumbleupon servers, and correlate this information with a
+ unique identifier. This is obviously terrible for your anonymity.
+ More generally, any sort of extension that requires registration, or even
+ extensions that provide information about websites you visit should be
+ suspect.
+ </p></li>
+ <li>FoxyProxy
+ <p>
+ While FoxyProxy is a nice idea in theory, in practice it is impossible to
+ configure securely for Tor usage without Torbutton. Like all vanilla third
+ party proxy plugins, the main risks are <a
+ href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>
+ and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history
+ disclosure</a>, followed closely by cookie theft by exit nodes and tracking by
+ adservers (see the <a href="design/index.html#adversary">Torbutton Adversary
+ Model</a> for more information). However, with Torbutton installed in tandem
+ and always enabled, it is possible to configure FoxyProxy securely (though it
+ is tricky). Since FoxyProxy's 'Patterns' mode only applies to specific urls,
+ and not to an entire tab, setting FoxyProxy to only send specific sites
+ through Tor will still allow adservers (whose hosts don't match your filters) to learn your real IP. Worse, when
+ sites use offsite logging services such as Google Analytics, you will
+ still end up in their logs with your real IP. Malicious exit nodes can also
+ cooperate with sites to inject images into pages that bypass your filters.
+ Setting FoxyProxy to only send certain URLs via Non-Tor is much more secure in
+ this regard, but be very careful with the filters you allow. For example,
+ something as simple as allowing *google* to go via Non-Tor will still cause you to end up
+ in all the logs of all websites that use Google Analytics! See
+ <a href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this question</a> on
+ the FoxyProxy FAQ for more information.
+ </p></li>
+ </ol>
+
+ <a id="recommendedextensions"></a>
+ <strong><a class="anchor" href="#recommendedextensions">Which Firefox extensions do you recommend?</a></strong>
+ <ol>
+ <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a>
+ <p>
+ Mentioned above, this extension allows more fine-grained referrer spoofing
+ than Torbutton currently provides. It should break less sites than Torbutton's
+ referrer spoofing option.</p></li>
+
+ <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a>
+ <p>
+ If you use Tor excessively, and rarely disable it, you probably want to
+ install this extension to minimize the ability of sites to store long term
+ identifiers in your cache. This extension applies same origin policy to the
+ cache, so that elements are retrieved from the cache only if they are fetched
+ from a document in the same origin domain as the cached element.
+ </p></li>
+
+ <li><a href="https://addons.mozilla.org/en-US/firefox/addon/6623">Better
+ Privacy</a>
+ <p>
+
+ Better Privacy is an excellent extension that protects you from cookies used
+ by Flash applications, which often persist forever and are not clearable via
+ normal Firefox "Private Data" clearing. Flash and all other plugins are
+ disabled by Torbutton by default, but if you are interested in privacy, you
+ may want this extension to allow you to inspect and automatically clear your
+ Flash cookies for your Non-Tor usage.
+
+ </p>
+ </li>
+ <li><a href="https://addons.mozilla.org/firefox/addon/1865">AdBlock Plus</a>
+ <p>
+
+ AdBlock Plus is an excellent addon for removing annoying, privacy-invading,
+ and <a
+ href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick">malware-distributing</a>
+ advertisements from the web. It provides
+ <a href="http://adblockplus.org/en/subscriptions">subscriptions</a> that are
+ continually updated to catch the latest efforts of ad networks to circumvent
+ these filters. I recommend the EasyPrivacy+EasyList combination filter
+ subscription in the Miscellaneous section of the subscriptions page.
+
+ </p>
+ </li>
+ <li><a href="https://addons.mozilla.org/firefox/addon/82">Cookie Culler</a>
+ <p>
+
+ Cookie Culler is a handy extension to give quick access to the cookie manager
+ in Firefox. It also provides the ability to protect certain cookies from
+ deletion, but unfortunately, this behavior does not integrate well with Torbutton. Kory Kirk is working on addressing this for this Google Summer of Code project for 2009.
+
+ </p>
+ </li>
+
+ <li><a href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a>
+ <p>
+ Torbutton currently mitigates all known anonymity issues with Javascript.
+ However, if you are concerned about Javascript exploits against your browser
+ or against websites you are logged in to, you may want to use NoScript. It
+ provides the ability to allow Javascript only for particular websites
+ and also provides mechanisms to force HTTPS urls for sites with
+ <a href="http://fscked.org/category/tags/insecurecookies">insecure
+ cookies</a>.<br>
+
+ It can be difficult to configure such that the most sites will work
+ properly though. In particular, you want to make sure you do not remove
+ the Javascript whitelist for
+ addons.mozilla.org, as extensions are downloaded via http and verified by
+ javascript from the https page.
+
+ </p></li>
+ <li><a href="https://addons.mozilla.org/en-US/firefox/addon/9727/">Request
+ Policy</a>
+ <p>
+
+ Request Policy is similar to NoScript in that it requires that you configure
+ which sites are allowed to load content from other domains. It can be very
+ difficult for novice users to configure properly, but it does provide a good
+ deal of protection against ads, injected content, and cross-site request
+ forgery attacks.
+
+ </p>
+ </li>
+
+ </ol>
+
+ <a id="securityissues"></a>
+ <strong><a class="anchor" href="#securityissues">Are there any other issues I should be concerned about?</a></strong>
+
+ <p>
+ There are a few known security issues with Torbutton (all of which are due to
+ <a href="design/index.html#FirefoxBugs">unfixed
+ Firefox security bugs</a>). The most important for anonymity is that it is
+ possible to unmask the javascript hooks that wrap the Date object to conceal
+ your timezone in Firefox 2, and the timezone masking code does not work at all
+ on Firefox 3. We are working with the Firefox team to fix one of <a
+ href="https://bugzilla.mozilla.org/show_bug.cgi?id=392274">Bug 399274</a> or
+ <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=419598">Bug 419598</a>
+ to address this. In the meantime, it is possible to set the <b>TZ</b>
+ environment variable to <b>UTC</b> to cause the browser to use UTC as your
+ timezone. Under Linux, you can add an <b>export TZ=UTC</b> to the
+ /usr/bin/firefox script, or edit your system bashrc to do the same. Under
+ Windows, you can set either a <a
+ href="http://support.microsoft.com/kb/310519">User or System Environment
+ Variable</a> for TZ via My Computer's properties. In MacOS, the situation is
+ <a
+ href="http://developer.apple.com/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/EnvironmentVars.html#//apple_ref/doc/uid/20002093-BCIJIJBH">a
+ lot more complicated</a>, unfortunately.
+ </p>
+
+ <p>
+ In addition, RSS readers such as Firefox Livemarks can perform
+ periodic fetches. Due to <a
+ href="https://bugzilla.mozilla.org/show_bug.cgi?id=436250">Firefox Bug
+ 436250</a>, there is no way to disable Livemark fetches during Tor. This can
+ be a problem if you have a lot of custom Livemark urls that can give away
+ information about your identity.
+ </p>
+ </div>
+ <!-- END MAINCOL -->
+ <div id = "sidecol">
+#include "side.wmi"
+#include "info.wmi"
+ </div>
+ <!-- END SIDECOL -->
+</div>
+<!-- END CONTENT -->
+#include <foot.wmi>
Copied: website/branches/web20/torbutton/en/torbutton-options.wml (from rev 22942, website/branches/web20/projects/en/torbutton-options.wml)
===================================================================
--- website/branches/web20/torbutton/en/torbutton-options.wml (rev 0)
+++ website/branches/web20/torbutton/en/torbutton-options.wml 2010-08-18 12:06:31 UTC (rev 22944)
@@ -0,0 +1,274 @@
+## translation metadata
+# Revision: $Revision: 0 $
+# Translation-Priority: 3-low
+
+#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"
+<div id="content" class="clearfix">
+ <div id="breadcrumbs">
+ <a href="<page index>">Home » </a>
+ <a href="<page projects/projects>">Projects » </a>
+ <a href="<page projects/torbutton>">TorButton » </a>
+ <a href="<page projects/torbutton-options>">TorButton Options</a>
+ </div>
+ <div id="maincol">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+
+ <h2>Torbutton Options</h2>
+ <hr />
+
+ <p>Torbutton 1.2.0 adds several new security features to protect your
+ anonymity from all the major threats we know about. The defaults should be
+ fine (and safest!) for most people, but in case you are the tweaker type,
+ or if you prefer to try to outsource some options to more flexible extensions,
+ here is the complete list. (In an ideal world, these descriptions should all be
+ tooltips in the extension itself, but Firefox bugs <a
+ href="https://bugzilla.mozilla.org/show_bug.cgi?id=45375">45375</a> and <a
+ href="https://bugzilla.mozilla.org/show_bug.cgi?id=218223">218223</a> currently
+ prevent this.)</p>
+
+ <ul>
+ <li>Disable plugins on Tor Usage (crucial)<p>
+
+ This option is key to Tor security. Plugins perform their own networking
+ independent of the browser, and many plugins only partially obey even their own
+ proxy settings.
+ </p></li>
+ <li>Isolate Dynamic Content to Tor State (crucial)<p>
+
+ Another crucial option, this setting causes the plugin to disable Javascript
+ on tabs that are loaded during a Tor state different than the current one,
+ to prevent delayed fetches of injected URLs that contain unique identifiers,
+ and to prevent meta-refresh tags from revealing your IP when you turn off
+ Tor. It also prevents all fetches from tabs loaded with an opposite Tor
+ state. This serves to block non-Javascript dynamic content such as CSS
+ popups from revealing your IP address if you disable Tor.
+ </p></li>
+ <li>Hook Dangerous Javascript (crucial)<p>
+
+ This setting enables the Javascript hooking code. Javascript is injected into
+ pages to hook the Date object to mask your timezone, and to hook the navigator
+ object to mask OS and user agent properties not handled by the standard
+ Firefox user agent override settings.
+ </p></li>
+ <li>Resize window dimensions to multiples of 50px on toggle (recommended)<p>
+
+ To cut down on the amount of state available to fingerprint users uniquely,
+ this pref causes windows to be resized to a multiple of 50 pixels on each
+ side when Tor is enabled and pages are loaded.
+ </p></li>
+ <li>Disable Updates During Tor (recommended)<p>
+
+ Under Firefox 2, many extension authors did not update their extensions from
+ SSL-enabled websites. It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to
+ existing extensions. Since Firefox 3 now enforces encrypted and/or
+ authenticated updates, this setting is no longer as important as it once
+ was (though updates do leak information about which extensions you have, it is
+ fairly infrequent).
+ </p></li>
+ <li>Disable Search Suggestions during Tor (optional)<p>
+
+ This optional setting governs if you get Google search suggestions during Tor
+ usage. Since no cookie is transmitted during search suggestions, this is a
+ relatively benign behavior.
+ </p></li>
+ <li>Block Livemarks updates during Tor usage (recommended)<p>
+
+ This setting causes Torbutton to disable your <a
+ href="http://www.mozilla.com/firefox/livebookmarks.html">Live bookmark</a>
+ updates. Since most people use Live bookmarks for RSS feeds from their blog,
+ their friends' blogs, the wikipedia page they edit, and other such things,
+ these updates probably should not happen over Tor. This feature takes effect
+ in Firefox 3.5 and above only.
+
+ </p></li>
+ <li>Block Tor/Non-Tor access to network from file:// urls (recommended)<p>
+
+ These settings prevent local html documents from transmitting local files to
+ arbitrary websites <a href="http://www.gnucitizen.org/blog/content-disposition-hacking/">under Firefox 2</a>. Since exit nodes can insert headers that
+ force the browser to save arbitrary pages locally (and also inject script into
+ arbitrary html files you save to disk via Tor), it is probably a good idea to
+ leave this setting on.
+ </p></li>
+ <li>Close all Non-Tor/Tor windows and tabs on toggle (optional)<p>
+
+ These two settings allow you to obtain a greater degree of assurance that
+ after you toggle out of Tor, the pages are really gone and can't perform any
+ extra network activity. Currently, there is no known way that pages can still
+ perform activity after toggle, but these options exist as a backup measure
+ just in case a flaw is discovered. They can also serve as a handy 'Boss
+ Button' feature for clearing all Tor browsing off your screen in a hurry.
+ </p></li>
+ <li>Isolate access to history navigation to Tor state (crucial)<p>
+
+ This setting prevents both Javascript and accidental user clicks from causing
+ the session history to load pages that were fetched in a different Tor state
+ than the current one. Since this can be used to correlate Tor and Non-Tor
+ activity and thus determine your IP address, it is marked as a crucial
+ setting.
+ </p></li>
+ <li>Block History Reads during Tor (crucial)<p>
+
+ Based on code contributed by <a href="http://www.collinjackson.com/">Collin
+ Jackson</a>, when enabled and Tor is enabled, this setting prevents the
+ rendering engine from knowing if certain links were visited. This mechanism
+ defeats all document-based history disclosure attacks, including CSS-only
+ attacks.
+ </p></li>
+ <li>Block History Reads during Non-Tor (recommended)<p>
+
+ This setting accomplishes the same but for your Non-Tor activity.
+ </p></li>
+ <li>Block History Writes during Tor (recommended)<p>
+
+ This setting prevents the rendering engine from recording visited URLs, and
+ also disables download manager history. Note that if you allow writing of Tor history,
+ it is recommended that you disable non-Tor history reads, since malicious
+ websites you visit without Tor can query your history for .onion sites and
+ other history recorded during Tor usage (such as Google queries).
+ </p></li>
+ <li>Block History Writes during Non-Tor (optional)<p>
+
+ This setting also disables recording any history information during Non-Tor
+ usage.
+ </p></li>
+ <li>Clear History During Tor Toggle (optional)<p>
+
+ This is an alternate setting to use instead of (or in addition to) blocking
+ history reads or writes.
+ </p></li>
+ <li>Block Password+Form saving during Tor/Non-Tor<p>
+
+ These options govern if the browser writes your passwords and search
+ submissions to disk for the given state.
+ </p></li>
+ <li>Block Tor disk cache and clear all cache on Tor Toggle<p>
+
+ Since the browser cache can be leveraged to store unique identifiers, cache
+ must not persist across Tor sessions. This option keeps the memory cache active
+ during Tor usage for performance, but blocks disk access for caching.
+ </p></li>
+ <li>Block disk and memory cache during Tor<p>
+
+ This setting entirely blocks the cache during Tor, but preserves it for
+ Non-Tor usage.
+ </p></li>
+ <li>Clear Cookies on Tor Toggle<p>
+
+ Fully clears all cookies on Tor toggle.
+ </p></li>
+ <li>Store Non-Tor cookies in a protected jar<p>
+
+ This option stores your persistent Non-Tor cookies in a special cookie jar
+ file, in case you wish to preserve some cookies. Based on code contributed
+ by <a href="http://www.collinjackson.com/">Collin Jackson</a>. It is
+ compatible with third party extensions that you use to manage your Non-Tor
+ cookies. Your Tor cookies will be cleared on toggle, of course.
+ </p></li>
+ <li>Store both Non-Tor and Tor cookies in a protected jar (dangerous)<p>
+
+ This option stores your persistent Tor and Non-Tor cookies
+ separate cookie jar files. Note that it is a bad idea to keep Tor
+ cookies around for any length of time, as they can be retrieved by exit
+ nodes that inject spoofed forms into plaintext pages you fetch.
+ </p></li>
+ <li>Manage My Own Cookies (dangerous)<p>
+
+ This setting allows you to manage your own cookies with an alternate
+ extension, such as <a href="https://addons.mozilla.org/firefox/addon/82">CookieCuller</a>. Note that this is particularly dangerous,
+ since malicious exit nodes can spoof document elements that appear to be from
+ sites you have preserved cookies for (and can then do things like fetch your
+ entire gmail inbox, even if you were not using gmail or visiting any google
+ pages at the time!).
+ </p></li>
+ <li>Do not write Tor/Non-Tor cookies to disk<p>
+
+ These settings prevent Firefox from writing any cookies to disk during the
+ corresponding Tor state. If cookie jars are enabled, those jars will
+ exist in memory only, and will be cleared when Firefox exits.
+ </p></li>
+ <li>Disable DOM Storage during Tor usage (crucial)<p>
+
+ Firefox has recently added the ability to store additional state and
+ identifiers in persistent tables, called <a
+ href="http://developer.mozilla.org/docs/DOM:Storage">DOM Storage</a>.
+ Obviously this can compromise your anonymity if stored content can be
+ fetched across Tor-state.
+ </p></li>
+ <li>Clear HTTP auth sessions (recommended)<p>
+
+ HTTP authentication credentials can be probed by exit nodes and used to both confirm that you visit a certain site that uses HTTP auth, and also impersonate you on this site.
+ </p></li>
+ <li>Clear cookies on Tor/Non-Tor shutdown<p>
+
+ These settings install a shutdown handler to clear cookies on Tor
+ and/or Non-Tor browser shutdown. It is independent of your Clear Private Data
+ settings, and does in fact clear the corresponding cookie jars.
+ </p></li>
+ <li>Prevent session store from saving Tor-loaded tabs (recommended)<p>
+
+ This option augments the session store to prevent it from writing out
+ Tor-loaded tabs to disk. Unfortunately, this also disables your ability to
+ undo closed tabs. The reason why this setting is recommended is because
+ after a session crash, your browser will be in an undefined Tor state, and
+ can potentially load a bunch of Tor tabs without Tor. The following option
+ is another alternative to protect against this.
+ </p></li>
+ <li>On normal startup, set state to: Tor, Non-Tor, Shutdown State<p>
+
+ This setting allows you to choose which Tor state you want the browser to
+ start in normally: Tor, Non-Tor, or whatever state the browser shut down in.
+ </p></li>
+ <li>On crash recovery or session restored startup, restore via: Tor, Non-Tor<p>
+
+ When Firefox crashes, the Tor state upon restart usually is completely
+ random, and depending on your choice for the above option, may load
+ a bunch of tabs in the wrong state. This setting allows you to choose
+ which state the crashed session should always be restored in to.
+ </p></li>
+ <li>Prevent session store from saving Non-Tor/Tor-loaded tabs<p>
+
+ These two settings allow you to control what the Firefox Session Store
+ writes to disk. Since the session store state is used to automatically
+ load websites after a crash or upgrade, it is advisable not to allow
+ Tor tabs to be written to disk, or they may get loaded in Non-Tor
+ after a crash (or the reverse, depending upon the crash recovery setting,
+ of course).
+ </p></li>
+ <li>Set user agent during Tor usage (crucial)<p>
+
+ User agent masking is done with the idea of making all Tor users appear
+ uniform. A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this
+ string and supporting navigator.* properties, and this version will remain the
+ same for all TorButton versions until such time as specific incompatibility
+ issues are demonstrated. Uniformity of this value is obviously very important
+ to anonymity. Note that for this option to have full effectiveness, the user
+ must also allow Hook Dangerous Javascript ensure that the navigator.*
+ properties are reset correctly. The browser does not set some of them via the
+ exposed user agent override preferences.
+ </p></li>
+ <li>Spoof US English Browser<p>
+
+ This option causes Firefox to send http headers as if it were an English
+ browser. Useful for internationalized users.
+ </p></li>
+ <li>Don't send referrer during Tor Usage<p>
+
+ This option disables the referrer header, preventing sites from determining
+ where you came from to visit them. This can break some sites, however. <a
+ href="http://www.digg.com">Digg</a> in particular seemed to be broken by this.
+ A more streamlined, less intrusive version of this option should be available
+ eventually. In the meantime, <a
+ href="https://addons.mozilla.org/firefox/addon/953">RefControl</a> can
+ provide this functionality via a default option of <b>Forge</b>.
+ </p></li>
+ </ul>
+ </div>
+ <!-- END MAINCOL -->
+ <div id = "sidecol">
+#include "side.wmi"
+#include "info.wmi"
+ </div>
+ <!-- END SIDECOL -->
+</div>
+<!-- END CONTENT -->
+#include <foot.wmi>
More information about the tor-commits
mailing list