Javascript security question

Andrew Lewman andrew at torproject.org
Fri Aug 21 14:24:45 UTC 2009


On 08/21/2009 05:25 AM, Sadece Gercekler wrote:
> I know that enabling javascript is insecure. But my question is
> specific to gmail, google reader, yahoo mail, and blogger.com. These
> are the sites I'm mainly accessing.

I leave javascript enabled with torbutton enabled.  While everyone will
focus on the possibility of an evil exit node, the reality is far more
mundane.  If you're following safe anonymity and browsing practices, you
have a better chance of mitigating any attacks from the rare evil exit node.

Mike Perry's Snakes on a Tor tool has done hundreds, if not thousands,
of hours of exit node scanning.  It finds very few evil exit nodes.  And
in follow-up with these operators, most are a misconfiguration of some
device outside their tor node.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject



More information about the tor-talk mailing list