[tor-talk] using themes in Aurora

[Joe Btfsplk]

On 10/17/2011 3:20 AM, Marco Bonetti wrote:
> ----- Original Message -----
>> On Friday, October 14, 2011 12:49:32 Joe Btfsplk wrote:
>>> No one's EVER looked into Tor security issues of using themes (from
>>> Mozilla addons site) or Firefox GUI enhancement addons, like Tab
>>> Mix Plus?
>> You could be the first!
>>
>> My first step would be to see what information is sent back to
>> mozilla's getpersonas.com site by the theme.
> I took a look at personas back in 2009: when it was still in an early experimental stage and it was distributed as an extension, I was able to register a cookie exchange with your browser and personas server. The exchanged cookie contained the IP address of the browser as seen by the server.
> I noted it in my 2009 e-privacy talk: http://sid77.slackware.it/tor/TorWeb20.pdf (Italian only, sorry).
> However, since personas get stable and became an official feature of Firefox I wasn't able to record that cookie again, so I didn't mention it in the next events.
Thanks for info.  I don't speak / read Italian, but not sure the talk (& 
part concerning cookies) would answer my question.
FIRST:   My OP was about * Themes, * not personas.
2nd:  One doesn't have to accept cookies from MAO site to d/l or install 
themes - so cookies aren't really the main issue / question.

The security issue about themes & TBB would be (some ?) themes altering 
some function(s) of Aurora that would interfere w/ normal Tor / Aurora 
settings or functions, compromising anonymity.  I doubt that is the 
case, but have nothing to prove it.