[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Another Method to Block Java Hijinks

On 4/13/07, scar <scar@xxxxxxxxxx> wrote:

i think what we are trying to say here, is: even though this configuration may prevent java from determining the user's IP, it does not prevent java from determining other personal information.

this information may include: the local time of the user's machine, screen resolution & color depth, operating system & browser version (if this is found to differ from the UserAgent reply, isn't that suspicious?), and probably many, many other items. these could be just as revealing as an IP address. so, unfortunately, i don't see the point of this configuration with anonymity in mind.

Long before the recent discussions on Java and other browser technologies, I had realized that your IP could be revealed thru Java as shown on the stayinvisible site. I was somewhat surprised that this was not documented. I'm glad to see that it is now being addressed. I would hate to see someone in a hostile environment in perhaps a life and death situation rely on tor and not realize that other things also need to be locked down. Again, I brought up the thing about the firewall just because I think it is important to know about all ways that privacy can be protected.

I am not a coder nor do I have any formal background in networks,
privacy, or security.  However, I find it highly interesting and I've
spent alot of time finding out how these things work.  I also
understand how difficult configuration can be to an average
internetter.  Afterall, it wasn't too long ago that I didn't have a