On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It absolutely would. Here are some things TorButton defends against that > wouldn't be covered in your scenario: > > 1. Unauthenticated Updates > 2. CSS Tracking (I think it does anyways) > 3. Flash and auto-opening of files > 4. Browser referral and user-agent tracking > > Ringo > To be fair, though, 1, 3, and 4 could be configured away in default FireFox. Updates can be disabled, flash can be removed, files can be set to "ask", referrals can be disabled, and UA can be modified in firefox or in Privoxy. > Freemor wrote: > > On Tue, 10 Feb 2009 15:50:27 -0500 > > Roger Dingledine <arma@xxxxxxx> wrote: > > > > (You need Torbutton 1.2 on Firefox to > >> have any chance of safe browsing.) > >> > > > > I know that his is a bit off topic so apologies in advance, > > By the above are you saying that a FF with 0 plugins, 0 extensions, > > cookies and javascript disables running under its own profile would > > still be less safe then a loaded browser with Tor button? If so, could > > you please point me to documentation of the vulnerabilities that Tor > > button would cover but the completely feature denuded FF would not. > > > > Thanks in advance, > > Freemor > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA > Hy4PCsUUxxiakGlOQvXr4rw= > =Q2h7 > -----END PGP SIGNATURE-----
Attachment:
signature.asc
Description: This is a digitally signed message part