[tor-talk] browser fingerprinting

Randolph rdohm321 at gmail.com
Mon Apr 14 17:49:28 UTC 2014


tor with ff js enabled still bleeding:
http://www.codeproject.com/Questions/589062/HowplustoplusgetplusClientplusIpplusAddressplusand


2014-04-14 19:48 GMT+02:00 Randolph <rdohm321 at gmail.com>:

> another torbleed:
>
> http://stackoverflow.com/questions/391979/get-client-ip-using-just-javascript
> http://en.wikipedia.org/wiki/JavaScript#Security
>
>
> 2014-04-14 19:44 GMT+02:00 Randolph <rdohm321 at gmail.com>:
>
>
>> http://stackoverflow.com/questions/371875/local-file-access-with-javascript
>>
>> then firefox with javascript enabled is a torbleed.
>>
>>
>> 2014-04-14 15:46 GMT+02:00 Gerardus Hendricks <konfkukor at riseup.net>:
>>
>> On 4/13/14 9:20 PM, Randolph wrote:
>>>
>>>> Anonymity is quite easily broken, if cookies cannot managed (e.g. like
>>>> in certain browsers) and if javascript is enabled. As far as we see,
>>>> Firefox in the Tor bundle disables javascript, right?
>>>> Javascript allows to access the local IP address and files, which host
>>>> the
>>>> local IP address. That`s why Tor and Javascript do not go together.
>>>>
>>>
>>> The Tor Browser Bundle does not disable Javascript by default. You can
>>> easily disable it by clicking the NoScript button at the left side of the
>>> address bar, and clicking 'Disallow all' (or something like that)
>>>
>>> Javascript doesn't reveal your "local IP address and files".
>>> --
>>> tor-talk mailing list - tor-talk at lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>>
>>
>


More information about the tor-talk mailing list