[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some Bones to Pick with Tor Admins



On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote:
> On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > It absolutely would. Here are some things TorButton defends against that
> > wouldn't be covered in your scenario:
> > 
> > 1. Unauthenticated Updates
> > 2. CSS Tracking (I think it does anyways)
> > 3. Flash and auto-opening of files
> > 4. Browser referral and user-agent tracking
> > 
> > Ringo
> > 
> To be fair, though, 1, 3, and 4 could be configured away in default
> FireFox. Updates can be disabled, flash can be removed, files can be set
> to "ask", referrals can be disabled, and UA can be modified in firefox
> or in Privoxy.

As Martin notes, privoxy won't modify your SSL connections for you.

Torbutton protects against many other attacks that regular Firefox
configuration can't protect you against, too.  See the Torbutton
design document at https://www.torproject.org/torbutton/design/ for a
more full list.

-- 
Nick