[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Torbutton 1.2.3 Released. Feedback requested.

Torbutton 1.2.3 has been released. It is available at
https://addons.mozilla.org/en-US/firefox/addon/2275/ and features many
bugfixes, including Firefox 3.5 compatibility fixes and privacy

The release also features three hidden options for reducing the number
of Google Captchas received during search. If you search about:config
for _google_, you should find them:

1. extensions.torbutton.xfer_google_cookies

  If True, this option causes Torbutton to transfer all non-ssl google
  cookies between country code domains just prior to fulfilling a
  request for a new google country. In other words, if you hit google.ca,
  solve a captcha, and then your exit changes for your next search
  causing you to get google.de, your captcha and PREF cookies should be
  transfered from google.ca to google.de.
  This should eliminate the need to solve captchas for every google
  country domain. It is on by default.

2. extensions.torbutton.regen_google_cookies

  If True, this option will cause Torbutton to hit google.ca to obtain
  a fresh set of google cookies every time Tor is enabled, or while
  cookies are cleared in Tor mode. 

  Since Google sometimes simply provides a 403 with no captcha when
  you use search keywords or the search box with Tor without any cookies,
  this option is provided to attempt to reduce that case. I am
  interested in feedback on how well it works.

  This option is off by default.

3. extensions.torbutton.reset_google_cookies

  This option is similar to the regen option, except that it recreates
  your google cookies from a hardcoded set that has solved at least one
  captcha. These cookies can be seen/modified by searching about:config
  for ".g*_cookie".

  Obviously this approach has very undesirable anonymity properties
  unless everyone were to use it with the same cookies. Unfortunately,
  this scenario may also lead to these cookies being banned by Google
  (especially if a spammer/scraper decides to steal them for their use).

  This option is off by default.

Any feedback on the above options would be appreciated.

Also, while drafting this email, I noticed that there is apparently an
obscure popup-related bug with 1.2.3:

If anyone can provide me with an example reproduction case, I would
greatly appreciate it.

Finally, at long last, here is the complete changelog for 1.2.3:

02 Dec 2009
 * bugfix: bug 950: Preserve useragent and download settings across toggle
 * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
 * bugfix: bug 1041: Preserve tab history in FF3.5
 * bugfix: bug 1047: Fix spurious user agent change notice
 * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
 * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
 * bugfix: bug 1085: Fix test settings issues with dead privoxy
 * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
 * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
 * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
 * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
 * bugfix: bug 1152: "Close tabs on toggle" prevents toggling in FF3.5
 * bugfix: bug 1154: Clarify "Last Tor test failed" message
 * misc: Disable geolocation in FF3.5 during Tor mode
 * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
 * misc: Disable offline app cache during Tor mode
 * misc: Disable specific site zoom settings during Tor mode
 * new: Transfer Google cookies between country-code domains. This should
   make it such that captchas only need to be solved once per Tor session,
   as opposed to for each country.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpHSUu6TrVJX.pgp
Description: PGP signature