Some Bones to Pick with Tor Admins
mark485anderson at eml.cc
mark485anderson at eml.cc
Tue Feb 10 23:58:31 UTC 2009
exactly, no need for tor button.
no need also to upgrade from 98se, except tor developers are too lazy to
code properly.
On Tue, 10 Feb 2009 18:24:27 -0500, "Ted Smith" <teddks at gmail.com> said:
> On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > It absolutely would. Here are some things TorButton defends against that
> > wouldn't be covered in your scenario:
> >
> > 1. Unauthenticated Updates
> > 2. CSS Tracking (I think it does anyways)
> > 3. Flash and auto-opening of files
> > 4. Browser referral and user-agent tracking
> >
> > Ringo
> >
> To be fair, though, 1, 3, and 4 could be configured away in default
> FireFox. Updates can be disabled, flash can be removed, files can be set
> to "ask", referrals can be disabled, and UA can be modified in firefox
> or in Privoxy.
>
> > Freemor wrote:
> > > On Tue, 10 Feb 2009 15:50:27 -0500
> > > Roger Dingledine <arma at mit.edu> wrote:
> > >
> > > (You need Torbutton 1.2 on Firefox to
> > >> have any chance of safe browsing.)
> > >>
> > >
> > > I know that his is a bit off topic so apologies in advance,
> > > By the above are you saying that a FF with 0 plugins, 0 extensions,
> > > cookies and javascript disables running under its own profile would
> > > still be less safe then a loaded browser with Tor button? If so, could
> > > you please point me to documentation of the vulnerabilities that Tor
> > > button would cover but the completely feature denuded FF would not.
> > >
> > > Thanks in advance,
> > > Freemor
> > >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> >
> > iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA
> > Hy4PCsUUxxiakGlOQvXr4rw=
> > =Q2h7
> > -----END PGP SIGNATURE-----
--
mark485anderson at eml.cc
--
http://www.fastmail.fm - The way an email service should be
More information about the tor-talk
mailing list