[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton, CSS3 and window size



Thank you for the explanation.

> The JonDoNym test is only using the Javascript versions of these
> attacks, and therefore the JonDoFox profile they provide is given a
> green "pass" against them, even though a dedicated adversary could
> extract the same information with CSS3 alone. When I run Torbutton
> with Javascript disabled, I get very similar results to the JonJoFox
> profile on their test (are you sure you had javascript fully
> disabled?)

I am absolutely sure I have js disabled to the extent allowed by
javascript.enabled = false.
Furthermore, I tried to filter scripts out with Privoxy (also disabling
ssl, of course)
and obtained the same results...

Anyway, in this thread, Karsten N. has confirmed that the *current*
version of JonDoNym tests
does not require any js.

> This places us in an interesting legal situation with
> Mozilla, because technically such a patch means that we can no longer
> use the trademark "Firefox" to describe the browser we provide in this
> case.
Is it that bad? Are there any fundamental problems with Iceweasel etc? I
do not think Tor Project
has to rely on the Firefox brand awareness to distribute Tor Bundle
among end users. Maybe, having
an independent "security-oriented" patched branch of Firefox or Chrome
can facilitate accepting some
of the patches by the upstream.

And what about extensions.torbutton.resize_windows? It is not a bug or
my side misconfiguration
issue that I have no such option for the current TB, is it?

-- 
http://www.fastmail.fm - One of many happy users:
  http://www.fastmail.fm/docs/quotes.html

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/