> On Fri, Aug 28, 2015 at 08:05:17PM -0700, Mike Perry wrote:
> > Garrett Robinson:
> > > On 8/28/15 7:01 PM, Mike Perry wrote:
> > > > sg.info@xxxxxxxxxxxxxxxxxxx:
> > > >> Hi guys and girls, are there security issues using the privacy
> > > >> badger from eff.org with the tor browser? Or: Is there a
> > > >> need to use privacy badger or is this utility dispensable?
> > > >
> > > > The filters in use by Privacy Badger are fingerprintable - it is
> > > > possible for sites to determine that you have it installed.
> > >
> > > Since Privacy Badger uses a learning heuristic based on the sites
> > > you visit, it actually might be possible for it to leak information
> > > about your browsing history too.
> >
> > Yikes! I didn't know this. This is especially bad, especially if
> > Privacy Badger has custom storage mechanisms for this that aren't
> > cleared regularly (which you touch on below). It may also result in
> > browsing history leaking to disk, which wouldn't normally happen in
> > the default Tor Browser.
>
> Mike, I'm interested, you personally are using some adblockers or
> NoScript in your everyday web surfing?

I "eat my own dog food" as the saying goes. I almost exclusively use Tor
Browser. I do not use any additional addons other than the default (which
includes NoScript). I do not use an adblocker.

I tend to use the Medium-High Security Slider level most of the time
(which among other things blocks Javascript for all non-https pages) so I
occasionally need to tell NoScript to allow scripts on http sites.
Thankfully, more and more sites appear to be either moving to https, or
ensuring that they work without Javascript. I use the default Tor Browser
NoScript settings.

There was a time when I used to do some things over non-Tor (like
watching Hulu), but since the loss of a reliable and regularly updated
flash player on Linux, I quit doing that. Since I managed to break that
habit, I'm unlikely to start doing it again, even if the DRM EME shit
ends up being supported by Hulu/Netflix/whatever.

I also don't think the current EME implementations are specified well
enough to be sure that the closed-source components are properly
sandboxed against insecurities and/or malicious operation. Mozilla's
implementation of EME came close, but until the sandbox itself can be
built reproducibly, it is really hard to say what is in the binaries that
Mozilla is giving us (especially when a new one arrives every couple
weeks).

So for now at least, there appear to be only two choices: live free, or
die! ;)

--
Mike Perry
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk