[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] noscript on youtube

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] noscript on youtube
From: <dewaj@xxxxxxxxxx>
Date: Sun, 31 Jul 2016 12:19:27 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 31 Jul 2016 15:47:04 -0400
In-reply-to: <20160731030809.436C0E0A44@eugeni.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20160731030809.436C0E0A44@eugeni.torproject.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

thus spake krishna e bera:
> > When trying to login to Youtube from TBB, NoScript blocks a bunch
> > of stuff seemingly related to fonts (see screenshot at 
> > https://postimg.org/image/c0sfrf2kh/41fa1875/ ), and i cannot
> > proceed (the Sign In button doesnt work.  Otherwise Youtube works
> > fine with HTML5 videos.

This is done only when using Tor???

On Sat, 30 Jul 2016 20:07:22 -0700
cube@xxxxxxxxxxxxxxxxx wrote:
> The CSS @font-face rule that is being blocked by NoScript can be used
> to fingerprint you, specifically can be used to detect what fonts you
> have installed. How this works is that you define a set of fonts and
> tell the client ``if you need to use these fonts but don't have them
> you can download them from me''. The client then requests the fonts
> it doesn't have. From this the server knows what fonts the client
> doesn't have and by process of elimination what fonts it does have.
> 


Then this can be got around by either downloading all the fonts,
whether used or not or by not downloading any fonts and using existing
fonts or substiutions, by default.

This obviously works best when *everyone* does one or the other.

How can this be done in the browser? I'd like to see a config option in
firefox if there isn't one already. (Yes! Let's heap even MORE
COMPLEXITY upon complexity!!!)

--

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] noscript on youtube
  - From: cube

Prev by Author: Re: [tor-talk] tor browser graphics only updating when move mouse over window
Next by Author: Re: [tor-talk] Riffle: an efficient communication system with strong anonymity
Previous by thread: Re: [tor-talk] noscript on youtube
Next by thread: [tor-talk] tor browser graphics only updating when move mouse over window
Index(es):
- Author
- Thread