[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some Bones to Pick with Tor Admins



exactly, no need for tor button.
no need also to upgrade from 98se, except tor developers are too lazy to
code properly.

On Tue, 10 Feb 2009 18:24:27 -0500, "Ted Smith" <teddks@xxxxxxxxx> said:
> On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > It absolutely would. Here are some things TorButton defends against that
> > wouldn't be covered in your scenario:
> > 
> > 1. Unauthenticated Updates
> > 2. CSS Tracking (I think it does anyways)
> > 3. Flash and auto-opening of files
> > 4. Browser referral and user-agent tracking
> > 
> > Ringo
> > 
> To be fair, though, 1, 3, and 4 could be configured away in default
> FireFox. Updates can be disabled, flash can be removed, files can be set
> to "ask", referrals can be disabled, and UA can be modified in firefox
> or in Privoxy.
> 
> > Freemor wrote:
> > > On Tue, 10 Feb 2009 15:50:27 -0500
> > > Roger Dingledine <arma@xxxxxxx> wrote:
> > > 
> > >  (You need Torbutton 1.2 on Firefox to
> > >> have any chance of safe browsing.)
> > >>
> > > 
> > > I know that his is a bit off topic so apologies in advance, 
> > > By the above are you saying that a FF with 0 plugins, 0 extensions,
> > > cookies and javascript disables running under its own profile would
> > > still be less safe then a loaded browser with Tor button? If so, could
> > > you please point me to documentation of the vulnerabilities that Tor
> > > button would cover but the completely feature denuded FF would not.
> > > 
> > > Thanks in advance,
> > > Freemor  
> > > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> > 
> > iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA
> > Hy4PCsUUxxiakGlOQvXr4rw=
> > =Q2h7
> > -----END PGP SIGNATURE-----
-- 
  
  mark485anderson@xxxxxx

-- 
http://www.fastmail.fm - The way an email service should be