Some Bones to Pick with Tor Admins

Nick Mathewson nickm at freehaven.net
Wed Feb 11 03:26:12 UTC 2009


On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote:
> On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > It absolutely would. Here are some things TorButton defends against that
> > wouldn't be covered in your scenario:
> > 
> > 1. Unauthenticated Updates
> > 2. CSS Tracking (I think it does anyways)
> > 3. Flash and auto-opening of files
> > 4. Browser referral and user-agent tracking
> > 
> > Ringo
> > 
> To be fair, though, 1, 3, and 4 could be configured away in default
> FireFox. Updates can be disabled, flash can be removed, files can be set
> to "ask", referrals can be disabled, and UA can be modified in firefox
> or in Privoxy.

As Martin notes, privoxy won't modify your SSL connections for you.

Torbutton protects against many other attacks that regular Firefox
configuration can't protect you against, too.  See the Torbutton
design document at https://www.torproject.org/torbutton/design/ for a
more full list.

-- 
Nick



More information about the tor-talk mailing list