
Re: Confusion about TorButton, Noscript, etc.



On Mon, Aug 18, 2008 at 02:01:41PM +0200, anonym wrote:
> In addition, Torbutton does all sorts of other stuff with Firefox that
> otherwise could leak information or otherwise weaken anonymity.

Right. This is important to remember -- using Tor without the new
Torbutton can expose you to anonymity-breaking (or, depending on your
behavior, at least anonymity-hurting) attacks.

> Of course, you might already know of the risks involved. IMHO, people
> that don't feel that they know what they're doing ought to stick with
> Torbutton. The others can consider the trade-offs in usability and
> security between these two approaches. I bet there are many more than
> those I've mentioned above.

Indeed. I use both Noscript and the new Torbutton. They work fine
together, in terms of usability. But I use Noscript to try to get some
handle on how I view the web -- not to protect me from evil people
running evil javascript on my browser.

The main thing to keep in mind while using both of them is that
unauthenticated connections can lie to you about who they are. So while
you can use Noscript to turn off *some* scripts from domains that aren't
whitelisted, you shouldn't deceive yourself into thinking that you are
using it to turn off *all* such scripts. A man-in-the-middle attack
(e.g. from an ISP or a Tor exit node) could trick your browser into
making a request for a domain that you've whitelisted in noscript,
and then you'd end up running scripts -- and if you are tricked well,
you won't even notice it happened.

I believe the reason Mike put a "don't use noscript" clause in is because
this is a pretty subtle distinction for most users, so they could easily
get a false sense of security. In particular, they might be thinking
"noscript is preventing any scripts from running unless I type in one
of the following domains", and this is false (with or without Tor).

--Roger
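
Added example (not part of the message above, and not NoScript's own code): a simplified model of a host-based script whitelist that separates whitelisted scripts fetched over authenticated https from those fetched over plain http, where anyone on the path can answer as the whitelisted host. The function names, the matching rule, the whitelist entries and the URLs are all constructed assumptions.

```javascript
// Simplified model of a host-based script whitelist (assumed matching rule:
// an entry covers the exact host and its subdomains). Not NoScript's logic.
function hostMatches(host, entry) {
  return host === entry || host.endsWith('.' + entry);
}

// Classify one script URL against the whitelist:
//   'blocked'               host is not whitelisted, so the script does not run
//   'allowed-authenticated' whitelisted and fetched over https, so TLS has
//                           verified that the response came from that host
//   'allowed-spoofable'     whitelisted but fetched over plain http, so the
//                           whitelist decision rests on an unverified name
function classifyScript(scriptUrl, whitelist) {
  const u = new URL(scriptUrl);
  const host = u.hostname.toLowerCase();
  const listed = whitelist.some((e) => hostMatches(host, e.toLowerCase()));
  if (!listed) return 'blocked';
  return u.protocol === 'https:' ? 'allowed-authenticated' : 'allowed-spoofable';
}

// Group every script URL referenced by a page into the three classes.
function auditPage(scriptUrls, whitelist) {
  const report = {
    'blocked': [],
    'allowed-authenticated': [],
    'allowed-spoofable': [],
  };
  for (const s of scriptUrls) {
    report[classifyScript(s, whitelist)].push(s);
  }
  return report;
}

// Constructed sample data (reserved example domains).
const WHITELIST = ['example.org', 'mail.example.com'];
const PAGE_SCRIPTS = [
  'http://example.org/site.js',
  'https://mail.example.com/app.js',
  'http://ads.example.net/track.js',
  'http://cdn.example.org/lib.js',
];

const report = auditPage(PAGE_SCRIPTS, WHITELIST);
console.log(report);
```

Every entry under 'allowed-spoofable' is a script the whitelist permits without any proof of who actually sent it.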