Some Bones to Pick with Tor Admins
Ted Smith
teddks at gmail.com
Tue Feb 10 23:24:27 UTC 2009
On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It absolutely would. Here are some things TorButton defends against that
> wouldn't be covered in your scenario:
>
> 1. Unauthenticated Updates
> 2. CSS Tracking (I think it does anyways)
> 3. Flash and auto-opening of files
> 4. Browser referral and user-agent tracking
>
> Ringo
>
To be fair, though, 1, 3, and 4 could be configured away in default
FireFox. Updates can be disabled, flash can be removed, files can be set
to "ask", referrals can be disabled, and UA can be modified in firefox
or in Privoxy.
> Freemor wrote:
> > On Tue, 10 Feb 2009 15:50:27 -0500
> > Roger Dingledine <arma at mit.edu> wrote:
> >
> > (You need Torbutton 1.2 on Firefox to
> >> have any chance of safe browsing.)
> >>
> >
> > I know that his is a bit off topic so apologies in advance,
> > By the above are you saying that a FF with 0 plugins, 0 extensions,
> > cookies and javascript disables running under its own profile would
> > still be less safe then a loaded browser with Tor button? If so, could
> > you please point me to documentation of the vulnerabilities that Tor
> > button would cover but the completely feature denuded FF would not.
> >
> > Thanks in advance,
> > Freemor
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA
> Hy4PCsUUxxiakGlOQvXr4rw=
> =Q2h7
> -----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090210/e4138382/attachment.pgp>
More information about the tor-talk
mailing list