[tor-talk] FBI cracked Tor security

Jon Tullett jon.tullett at gmail.com
Fri Jul 15 05:23:20 UTC 2016


On 15 July 2016 at 00:07, krishna e bera <keb at cyblings.on.ca> wrote:
>> Should add that users with NoScript enabled would not have been
>> vulnerable - I get the "noscript decreases privacy" argument, but I'd
>> still kinda like it to be on by default to protect users. Maybe with a
>> big red "Turn on Javascript because I'm happy to get pwned by
>> malicious ads, FBI malware, and miscellaneous trackers" button :)
>
>>>> There are frequently vulnerabilities in hosting services - content
>>>> platforms, web forums, third-party Javascript libraries, file uploads,
>>>> management interfaces...many sites, darkweb or not, have much broader
>>>> attack surfaces than their owners understand.
>
>
> What do you think about these recommendations for onion sites:

Well, it doesn't really matter what I think :) There have been
discussions, and as I understand it in most cases there are two
issues: privacy tradeoffs in blocking third party content (doing so
makes your browser more identifiable), and breaking the web enough
that users will just downgrade their settings, thereby making
themselves insecure and again degrading their privacy in the same
way.

Me, I block scripts in TBB because I weigh security a bit higher than
privacy, and it's nice that it's relatively easy to do so, but I would
like it to be signposted or explained a bit more clearly.


> Client-side:
> For months I have been suggesting to friends and clients, who are
> regular (non-Tor) users, to install uBlock Origin.

Very good choice, though possibly too complicated for average users
(but then, so is maintaining a NoScript whitelist).

-J

