[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How to use Google Gadgets with Tor? - Is this possible?



Thus spake M (moeedsalam@xxxxxxxxx):

> On Sat, Jan 15, 2011 at 7:02 PM, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> 
> >
> >
> > You could also install an addon to observe the requests your browser
> > uses in both non-Tor and Tor accesses of this gadget to see if the
> > requests appear different for some reason. That may help diagnose the
> > cause:
> > https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
> > https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
> >
> >
> 
> On a side note, i had asked the group before about the google gadgets and
> whether if there is some security issue with using it wit TOR> I receive the
> response that it had not really been tested before. Should i understand its
> safe now?

Google gadgets that rely on Google browser plugins such as Google
Gears are not safe, because we canot protect against them. However,
Torbutton's normal protections for the web should keep Google gadgets
that use plain AJAX safe, from a privacy point of view. Of course
though, you are probably not private to Google at this point, esp if
you are logged in to a gmail account. But I assume you're aware of
that and what this means in terms of privacy consequences, and are
comfortable with that tradeoff.


We do *not* recommend disabling Torbutton to get your Google gadgets
to work. Then you become signifcantly less private, both to Google and
to the rest of the web.

If we can't get to the bottom of this and it seems likely that
Torbutton is actually the cause, please file a bug report at
https://trac.torproject.org/projects/tor/report/14. But so far it
seems like there is some other issue which we have not yet gotten to
the bottom of.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpBgEe2FkeQc.pgp
Description: PGP signature