[tor-talk] Browserspy knows my computer time
krishna e bera
keb at cyblings.on.ca
Sun Jan 15 20:15:56 UTC 2017
On 10/01/17 11:44 AM, Joe Btfsplk wrote:
> On 1/10/2017 3:53 AM, Georg Koppen wrote:
>> Joe Btfsplk:
>>> How does Browserspy.dk get the correct local time & time zone from TBB
>>> 6.08 on my PC?
>>>
>> I guess https://trac.torproject.org/projects/tor/ticket/20981 is a good
>> candidate for explaining this.
>>
> Thanks Georg. That sounds like it. Was "ToLocaleString" a recent
> change in Firefox function (or browser standards) that wasn't caught by
> Tor devs or users before Mozilla implemented it, or some other scenario?
>
> Possibly another example of how dissidents, sympathizers, whistle
> blowers connecting TBB directly through an ISP (certain countries) could
> be more easily identified. Very difficult to consistently, quickly keep
> all leaks patched.
>
> When issues like this are 1st discovered, should there be a better
> notification system for users, explaining risks and suggested
> workarounds? Few users have time to read every new Trac report.
Mozilla used to come with some bookmarks for browser testing. Perhaps
TBB can include a few recommended anonymity test bookmarks for those who
want to check their settings after each new TBB release or tidbit of
security news. This could find regressions faster, for example. A
bookmark could be included to a trac topic for each test for easy
reporting (or non-reporting if same bug is found).
related: https://trac.torproject.org/projects/tor/ticket/6119
related:
https://www.torproject.org/getinvolved/volunteer.html.en#Coding
Panopticlick
> Even if they did, many users wouldn't how to avoid risks. Is there any
> "early warning system" giving *precise* steps to avoid new anonymity
> threats? Similar to warnings OS & software developers often issue?
>
> AFAICT, Tor bugs are reported, but often no steps recommended to avoid
> the danger, until patches can be developed. (Temporarily stop using TBB
> for serious activities?) Does this at times leave some users totally
> unaware they could be exposed in certain situations?
- run TAILS
- set Security Level to "high" under Privacy and Security settings
- use the hardened version of TBB
- get an open source operating system designed for anonymity and
security such as Qubes.
- https://www.torproject.org/download/download-easy.html.en#warning
There might also be a wiki page with this sort of tips
More information about the tor-talk
mailing list