[tor-talk] How secure is check.torproject.org?

author at anonymousbitcoinbook.com author at anonymousbitcoinbook.com
Sun Nov 17 19:29:12 UTC 2013

If I were going to perform a de-anonymization attack on Tor users en 
masse, I would take advantage of the fact that TorBrowser and Tails 
Linux* both load a page with client-side scripting enabled upon startup. 
How secure is this single point of failure?

I'm also curious if it would be possible to add command-line options 
for disabling scripts globally via NoScript at startup to Ice Weasel and 
Tor Browser, so a user could start from the command line using something 
/usr/bin/iceweasel -noscripts

I realize that TorButton provides some protections, but I'd like to do 
even better.

*: The current default page for Ice Weasel in Tails is 
tails.boum.org/news/, but I believe I saw some talk in the Tails mailing 
list about possibly changing it to blend in better with TorBrowser 


More information about the tor-talk mailing list