[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Maybe Firfox isn't the best choice for privacy?



Thus spake misc (misc@xxxxxxxxxxx):

> On Fri, 15 Feb 2008 13:38:58 -0800, Mike Perry wrote:
> 
> > Thus spake kazaam (kazaam@xxxxxxxxx):
> > 
> > A few comments on this. First off, the fact that window sizes factor
> > into a hash means as soon as you resize your window 1 pixel, they get
> > a completely new identifier, uncorrelated to the previous one. So this
> > is a trivial identifier to modify on your own if you are aware of it,
> > or even to change accidentally.
> > 
> > But otherwise, I agree it is pretty interesting work, and Torbutton
> > 1.1.14 will address many of these items, including a couple of modes
> > of operation for masking window size, and protection against revealing
> > extension installation during Tor. The ability to use chome urls to
> > determine true user agent, extension presence, and platform
> > information was brought to our attention courtesy of Gregory
> > Fleischer about a month ago. Unfortunately, fixes for his issues and
> > the window size spoofing code didn't make it into the 1.1.13 release
> > because of the more serious javascript and plugin issues recently
> > descovered in Firefox that that release had to work around.
> 
> What about NoScript extension? Will that prevent gathering information
> about installed plugins and other settings?

Not to my knowledge. Adblock Plus has support to hide extension
presence, but I believe extensions have to programmatically request it
from an Adblock service. Torbutton 1.1.14 should be out early next
week, and will address these issues.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgp4ZQ20HLDUX.pgp
Description: PGP signature