[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Some Tor w/ Firefox Questions
- To: or-talk@xxxxxxxxxxxxx
- Subject: Some Tor w/ Firefox Questions
- From: Ringo Kamens <2600denver@xxxxxxxxx>
- Date: Sat, 03 Jan 2009 05:26:57 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sat, 03 Jan 2009 05:27:11 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:x-enigmail-version:openpgp :content-type:content-transfer-encoding; bh=ZuqpT/ovs0K/dxqZryzc1aXN8tKjc4mDxfmjEU2p36I=; b=iEgQ9vtiQCl1eXFKXZTrwpZBE7/ofbF09yJUA8S8mP2fY147Pz+IfpoIcZ9EhMCgjY GYyEeULHBbv4qxciba4nvcpZ3Teu3Jejmhj0K1HgovUpFzsdlsBsDga6EGoDFb6LJf3A RGtlujk8cqNP7/xIMNTv7JXQc0mBnyl+Wa5Lg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=BrmlTQbEHwTMNjOvlGaQ0qc+bGGq8z7PETWOb/6bRAoIZuDXzKEf5DCY1H+8bHrE1B WEFEYEQf57xRpKfQCKcKsCV2nM2GrsTnkEg6/OEZw2BHfyIu2gPHLPCd6iV0cVTzsIjx g7N7Udo/mkUjP/lwCC15RKkj+wi0TsH+h1/hQ=
- Openpgp: id=2739044E
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.18 (X11/20081125)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Tor Users,
I teach a workshop on privacy and anonymity and I've gotten some
questions that I didn't know how to answer. Maybe somebody can answer a
few of these.
1. If I have multiple Firefox profiles, one of which is exclusively for
Tor use, if I use another profile with javascript later on, is that a
threat to the data stored in the other profiles? Can add-ons see
information in other profiles?
2. If I'm doing my Tor browsing in one browser (say, Firefox) and open
up another one (say Ephiphany) that has javascript enabled, what risks
do I face? AFAIK javascript can see what's in your clipboard, which
would be bad if I'm using the clipboard with Torified content Is that it?
3. One of the common criticisms of NoScript+Tor is that a malicious exit
node can pretend to be any site it wishes. What about enabling js on
file:// urls? If I understand them correctly, the browser won't make any
external requests and then there would be no threat of an attack.
4. TorButton (wisely) disabled updates. Aside from the risk of an exit
node making you download it's own module, what other risks are there?
Does firefox submit any information that could identify you aside from
what plugins you use?
Thanks,
Ringo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJXz1w6pWcWSc5BE4RAiXBAKCx7gwtZ/yHfNhJFkbtgr8DwFDCDQCg1qt9
vOe6O7tV94ms4UI3u8KskQs=
=Ny4+
-----END PGP SIGNATURE-----