suggestion for 'is my installation of tor working?' page

Ringo Kamens 2600denver at gmail.com
Sat Feb 17 04:08:25 UTC 2007


I think asking people to switch to Linux and text-only browsers is
fairly onerous. Firefox is very intuitive to IE users and isn't really
a "switch".
Ringo Kamens

On 2/16/07, Watson Ladd <watsonbladd at gmail.com> wrote:
> Ringo Kamens wrote:
> > I agree, people are working on network-wide attacks (which is great)
> > but the biggest and most obvious risk to user privacy/anonymity is
> > scripts. Perhaps Firefox and NoScript should come bundled and
> > configured?
> > Ringo Kamens
> How about lynx? Prompts on every cookie, no javascript, no flash, no
> java. And with no images, much faster over tor.
> Watson Ladd
> >
> > On 2/15/07, James Muir <jamuir at scs.carleton.ca> wrote:
> >> Nick Mathewson wrote:
> >> > On Sun, Feb 04, 2007 at 08:58:36PM -0800, Wesley Kenzie wrote:
> >> >> I've got an initial version up now at
> >> >> http://www.showmyip.com/torstatus/ -
> >> >> feedback welcome!  More content and links to come!
> >> >
> >> > As others have noted, this is really excellent, but there's way too
> >> > much information there for it to be useful for unsophisticated users.
> >> > There's no way that my dad, for example could tell that his window
> >> > width and height identify him far more uniquely than do his User-Agent
> >> > or his "DMA code".
> >> >
> >> > Maybe there should be some kind of "What I Learned" section at the
> >> > top, with parts like:
> >> >
> >> >   Javascript said:   "Your IP is x.y.z.w".
> >> >      (Learn more about how to disable Javascript _here_.),
> >> >   Java said: "Your IP is x.y.z.w.":
> >> >      (Learn more about how to disable Java _here_.)
> >> >
> >> > That is, sort information by order of significance of disclosure, and
> >> > for each piece of information, tell users what it means, how much it
> >> > isolates them, and how to stop disclosing it.
> >> >
> >> > Also, is there some way to see, use, and distribute the source for
> >> > these pages?  As long as you operate them, yours will of course be
> >> > most popular, but my free software instincts make me ask "what do we
> >> > do if Wesley is unavailable for a while?"
> >>
> >> Along with having a web page which attempts to educate Tor users about
> >> the dangers of executing Java, JavaScript, Flash, etc. in their
> >> browsers, I think there also needs to be a stronger warning about this
> >> on the main Tor web site (tor.eff.org).  There is a warning on the wiki
> >> but this is something that's important enough to promote to the main
> >> page (and have translated).
> >>
> >> There are Java and Flash applets that, when run in a Tor user's browser,
> >> will open non-proxied connections back to their originating web sites
> >> and thus expose a user's real IP address.  This is, I think, the most
> >> serious threat to Tor users who don't disable these in their browsers --
> >> never mind fingerprinting my machine by capturing my screen resolution,
> >> etc. with JavaScript.
> >>
> >> The NoScript extension with Firefox works great -- it disables all
> >> scripts and plugins.  I hope people who really need anonymity are using
> >> these.  However, I expect that many are using IE.  I don't run Windows,
> >> but I would guess that there probably isn't an easy way to disable Flash
> >> in IE.  A clear warning with the Tor client installation instructions
> >> might help new Tor users better protect their anonymity.
> >>
> >> -James
> >>
> >>
> >
>
>
>
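
The "What I Learned" report sketched in the quoted thread, as an added JavaScript example that is not part of the thread or of the showmyip.com page: a channel that reported an address other than the proxied one is listed first, then attributes usable for fingerprinting. The function name, severity ranking, advice strings and sample data are assumptions.

```javascript
// Added example: rank what a "is my Tor working?" test page learned about
// a visitor. Names, severities and sample values are assumptions.

// Advice per channel; the wording is hypothetical, not from the thread.
const ADVICE = {
  java: "Disable Java in the browser.",
  flash: "Disable the Flash plugin.",
  javascript: "Disable JavaScript (for example with NoScript in Firefox).",
};

// proxiedIp: source address of the HTTP request as the server saw it.
// observations: [{ channel, kind: "ip" | "attribute", name?, value }]
function whatILearned(proxiedIp, observations) {
  const findings = observations.map((o) => {
    if (o.kind === "ip" && o.value !== proxiedIp) {
      // The channel reported an address other than the one the request
      // came from, so it connected outside the proxy: most serious.
      return { ...o, severity: 2,
               summary: `${o.channel} said: "Your IP is ${o.value}"` };
    }
    if (o.kind === "ip") {
      // The channel saw only the proxied address: nothing disclosed.
      return { ...o, severity: 0, summary: "" };
    }
    // Any other value a script can read narrows the visitor down.
    return { ...o, severity: 1,
             summary: `${o.channel} read ${o.name} = ${o.value}` };
  });
  return findings
    .filter((f) => f.severity > 0)
    .sort((a, b) => b.severity - a.severity)
    .map((f) => ({ severity: f.severity, summary: f.summary,
                   fix: ADVICE[f.channel] || "" }));
}

// Constructed sample; addresses are from documentation ranges (RFC 5737).
const sample = [
  { channel: "javascript", kind: "attribute", name: "window size", value: "1017x689" },
  { channel: "java", kind: "ip", value: "203.0.113.7" },
  { channel: "flash", kind: "ip", value: "198.51.100.20" },
];
const report = whatILearned("198.51.100.20", sample);
for (const r of report) console.log(`[${r.severity}] ${r.summary} (${r.fix})`);
```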


