Another Method to Block Java Hijinks

norvid norvid at gmail.com
Fri Apr 13 10:46:36 UTC 2007


On 4/13/07, scar <scar at drigon.com> wrote:

> i think what we are trying to say here, is: even though this configuration may prevent java from determining the user's IP, it does not prevent java from determining other personal information.
>
> this information may include: the local time of the user's machine, screen resolution & color depth, operating system & browser version (if this is found to differ from the UserAgent reply, isn't that suspicious?), and probably many, many other items.  these could be just as revealing as an IP address.  so, unfortunately, i don't see the point of this configuration with anonymity in mind.

Long before the recent discussions on Java and other browser
technologies, I had realized that your IP could be revealed thru Java
as shown on the stayinvisible site.  I was somewhat surprised that
this was not documented.  I'm glad to see that it is now being
addressed.  I would hate to see someone in a hostile environment in
perhaps a life and death situation rely on tor and not realize that
other things also need to be locked down.  Again, I brought up the
thing about the firewall just because I think it is important to know
about all ways that privacy can be protected.

I am not a coder nor do I have any formal background in networks,
privacy, or security.  However, I find it highly interesting and I've
spent alot of time finding out how these things work.  I also
understand how difficult configuration can be to an average
internetter.  Afterall, it wasn't too long ago that I didn't have a
clue.



More information about the tor-talk mailing list