Maybe Firfox isn't the best choice for privacy?
Mike Perry
mikeperry at fscked.org
Sun Feb 24 00:49:32 UTC 2008
Thus spake misc (misc at mail333.com):
> On Fri, 15 Feb 2008 13:38:58 -0800, Mike Perry wrote:
>
> > Thus spake kazaam (kazaam at oleco.net):
> >
> > A few comments on this. First off, the fact that window sizes factor
> > into a hash means as soon as you resize your window 1 pixel, they get
> > a completely new identifier, uncorrelated to the previous one. So this
> > is a trivial identifier to modify on your own if you are aware of it,
> > or even to change accidentally.
> >
> > But otherwise, I agree it is pretty interesting work, and Torbutton
> > 1.1.14 will address many of these items, including a couple of modes
> > of operation for masking window size, and protection against revealing
> > extension installation during Tor. The ability to use chome urls to
> > determine true user agent, extension presence, and platform
> > information was brought to our attention courtesy of Gregory
> > Fleischer about a month ago. Unfortunately, fixes for his issues and
> > the window size spoofing code didn't make it into the 1.1.13 release
> > because of the more serious javascript and plugin issues recently
> > descovered in Firefox that that release had to work around.
>
> What about NoScript extension? Will that prevent gathering information
> about installed plugins and other settings?
Not to my knowledge. Adblock Plus has support to hide extension
presence, but I believe extensions have to programmatically request it
from an Adblock service. Torbutton 1.1.14 should be out early next
week, and will address these issues.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080223/ee05a314/attachment.pgp>
More information about the tor-talk
mailing list