[tor-talk] New Browser Bundle

Andrew Lewman andrew at torproject.org
Mon Nov 7 02:32:33 UTC 2011


On Sunday, November 06, 2011 15:15:21 Joe Btfsplk wrote:
> I can't imagine cookies or Javascript being enabled globally.  I won't
> leave those default settings.   Cookies from "regular old web sites"
> aren't necessarily the benign "little files a web site places on your
> computer to enhance the use of our site," that they used to be.  Maybe
> need to read up on what "little old cookies" from avg sites can do now.
> Having them enabled globally - in Tor or regular Firefox - doesn't seem
> like a good idea.  Nor does having Javascript globally enabled.

I'd like to see someone do research that proves or disproves this fear that 
javascript and cookies everywhere is hazardous to the anonymity of a tor user. 
I don't know a better setting for noscript. I know what I use for settings 
when I use the default TBB setup.  

If you use collusion with TBB, you'll see the various connections made to the 
current browsing session. http://collusion.toolness.org/. I frequently hit 
'new identity' to wipe the cache/cookies.

In my world, I'd replace noscript with requestpolicy. If you never request the 
3rd party sites, then you cut out lots of risks/cruft, in theory. This is the 
core idea behind requestpolicy.  Unfortunately, this breaks lots of websites 
and would freak out most tor users. However, this is another fine study to 
undertake.

Intuitively it sounds bad, yes.  However, I'd like to see baseline research and 
then settings changes that are proven to improve anonymity for the user. Of 
course, 'improve anonymity' implies some sort of measurement, which ties into 
https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network

-- 
Andrew
pgp 0x74ED336B

