e-mail and anonymity

Charles.F Charles.f at swing.be
Sat Aug 16 18:03:44 UTC 2008 

So, correct me if I misunderstandood : enabling cookies for webmail  
sites preserves my privacy but Javascript is more "dangerous".
Then what should I think about links from sites like link-protectore : http://link-protector.com/564546/ 
  or rapidshare links ?  Those require Javascript.

Le 16-août-08 à 19:32, John Brooks a écrit :

> Enabling javascript and cookies for everything is dangerous to  
> anonymity, but doing that selectively is much less so. Cookies are  
> recommended against because they, by definition, store something  
> along with the user - meaning that even if the tor IP changes, the  
> cookie can be used to connect it to the old one. This isn't an issue  
> for a webmail system anyway, where you have a username that does a  
> perfectly good job of connecting you to your old traffic already  
> (and if you were trying to avoid that, you'd be using a new account,  
> and thus a different cookie). Google, for example, uses cookies to  
> help track users through IP changes, which can easily become  
> dangerous if you use both Tor and non-Tor google in the same browser.
>
> Javascript's only real danger to anonymity is exploits (i.e. if some  
> javascript traffic went outside the proxy, or if it helped  
> compromise the browser), but it is worth noting that javascript can  
> also change the content of the page you're viewing. If you have a  
> bad exit node that inserts fake javascript into pages (it's  
> happened), you won't have a real way to know the difference.
>
> In theory, javascript could also be of use in certain timing or  
> latency attacks to discover a client's circuit (by generating large  
> amounts of constant traffic), but that's not hard to do without  
> javascript.
>
> You should be fine enabling javascript and cookies for specific  
> sites that require it - although you should try to use SSL there if  
> at all possible.
>
> - John Brooks
>
> On Sat, Aug 16, 2008 at 9:56 AM, Charles.F <Charles.f at swing.be> wrote:
> Hi,
>
> I am not shure I understand very well how mailing lists like this  
> works, so correct me if I don't do it the way it should be.
> I'm just gonna ask my question here, right ? :
>
> If one wants to be anonymous when sending an receiving mails, one  
> should use privoxy and tor on his browser and also disable Java,  
> Javascript, cookies and so on.
> Any webmail I tried to subscibe to couldn't work without either  
> Javascript or Cookies enabled so I suppose webmails needs Javascript  
> and/or Cookies enabled to work properly, am I right ?
> In that case, one can't be sure of its anonymity (as cookies or  
> javascript are enabled) when one send or receive mails...
>
> I hope my question is clear and sorry if the answer is obvious or if  
> I didn't send it to the right e-mail address
>
> Thanks
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080816/103947b7/attachment.htm>

More information about the tor-talk mailing list