Adam Langley writes: > http://www.imperialviolet.org/browser-information.html What are some means of reducing this problem? * A tweaked JavaScript implementation that responds with different information * A JavaScript information that is more configurable (configuration is bad, though) * Disable JavaScript completely; or make JavaScript act like pop-up window control does in Firefox: "This page tried to use JavaScript. Click here to allow this..." * ... > Next, any embeds in the HTML can trigger plugins which have their own > proxy settings. Realmedia objects will almost certainly start a > connection to the given server, Flash I don't know about, but I would > guess so. Flash objects can also be used to store cookies which aren't > handled via Cookie headers nor the browser. > > If the user doesn't have every protocol proxyied then an image link to > https:// or ftp:// etc could cause a non-Tor connection. Ugg, yes. This reminds me that John Gilmore has been talking about a firewall setup that automatically routes TCP circuits through the local Tor client before they are allowed out of the machine. Getting this to work cross-platform would be "fun" (write a firewall config for all major platforms that somehow does not interfere with any other pre-existing firewall configuration...). The upshot would be that you wouldn't have to configure *any* application to use Tor; it just would. -- http://www.eff.org/about/staff/#chris_palmer
Attachment:
pgp71OcA7UYPx.pgp
Description: PGP signature