[tor-talk] User views on lesser of 2 evils_Tor FAQ on using java script
joebtfsplk at gmx.com
Sun Jul 27 15:21:26 UTC 2014
On 7/27/2014 2:08 AM, grarpamp wrote:
> On Sat, Jul 26, 2014 at 3:26 PM, Joe Btfsplk <joebtfsplk at gmx.com> wrote:
>> How do some more advanced Tor users feel about pros & cons of leaving java
>> script constantly enabled or selectively enabling it?
> The risk of any potential leak of real IP or actual user data
> (not just meta browser environment data) is overriding consideration.
> Much more than any js on/off matrix leak to some observing
> exit or multi-hosting webserver (which are fringe cases to begin with).
How do we know for a fact that observing exits (even several or many,
operated by one entity) or multiple sites operated by one entity are
They may not be the gov't or NSA / GHCQ, but plenty of large, 3rd party
trackers monitor 1000's of sites.
And if they have certain information, then for sure it's available to
gov'ts (if only by theft) & possibly to others, especially at the right
This type thing is no longer conspiracy theory.
> Sandbox your apps, keep your user data minimal and compartmented,
> manage your stored profiles/dotdirs and sessions. Do that and all this
> approaches moot. This doesn't mean they should be ignored, but
> that in the big picture, there are bigger concepts to grasp first.
Assuming that all works & doesn't have as many pitfalls as java script
itself, the overall methods are likely beyond most users.
Beyond their ability & available time. Beyond their ability to do all
of what you mention and not make a mistake.
Unless Tor Project just sadly accepts that most users can't accurately
carry out such practices (so don't bring it up at all), they don't seem
to think it's important.
Unless there were very detailed, step-by-step instructions for how to do
things you mention (possibly many more), not many could carry them out &
*never* make a mistake.
More information about the tor-talk