[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Maybe Firfox isn't the best choice for privacy?

Thus spake misc (misc@xxxxxxxxxxx):

> On Fri, 15 Feb 2008 13:38:58 -0800, Mike Perry wrote:
> > Thus spake kazaam (kazaam@xxxxxxxxx):
> > 
> > A few comments on this. First off, the fact that window sizes factor
> > into a hash means as soon as you resize your window 1 pixel, they get
> > a completely new identifier, uncorrelated to the previous one. So this
> > is a trivial identifier to modify on your own if you are aware of it,
> > or even to change accidentally.
> > 
> > But otherwise, I agree it is pretty interesting work, and Torbutton
> > 1.1.14 will address many of these items, including a couple of modes
> > of operation for masking window size, and protection against revealing
> > extension installation during Tor. The ability to use chome urls to
> > determine true user agent, extension presence, and platform
> > information was brought to our attention courtesy of Gregory
> > Fleischer about a month ago. Unfortunately, fixes for his issues and
> > the window size spoofing code didn't make it into the 1.1.13 release
> > because of the more serious javascript and plugin issues recently
> > descovered in Firefox that that release had to work around.
> What about NoScript extension? Will that prevent gathering information
> about installed plugins and other settings?

Not to my knowledge. Adblock Plus has support to hide extension
presence, but I believe extensions have to programmatically request it
from an Adblock service. Torbutton 1.1.14 should be out early next
week, and will address these issues.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgp4ZQ20HLDUX.pgp
Description: PGP signature