Javascript security question

James Brown jbrownfirst at gmail.com
Fri Aug 21 10:06:07 UTC 2009


Eugen Leitl wrote:
> On Fri, Aug 21, 2009 at 09:25:15AM +0000, Sadece Gercekler wrote:
>   
>> I know that enabling javascript is insecure. But my question is specific to gmail, google reader, yahoo mail, and blogger.com. These are the sites I'm mainly accessing.
>>
>> Do you think enabling javascript for these sites can be OK?
>>     
>
> Who knows? Have you considered the ads, or that you might get a custom
> version when detected you're coming from a Tor exit?
>
>   
Probably the javascript can steal only your internal ip-adress, not
external. Then, if you machine is behind NAT it is probable secure for
you. (But you need obligatly disable the java in your browser because
the java-applications can steal you external ip-address.



More information about the tor-talk mailing list