[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
On Mon, Feb 23, 2009 at 12:29 PM, Arjan
> Noscript has some options (Options, Advanced, HTTPS) that may help.
> Disclaimer: I've not used these options and I don't know if it's secure.
"Which Firefox extensions should I avoid using? ... NoScript: using
NoScript can actually disable protections that Torbutton itself
compromise your anonymity via the default whitelist..."
as an aside, i found a plugin that could do everything above, but only
if the sites themselves send you a ForceHTTPS cookie securely:
the design paper does a good job of explaining why this is all more
complicated than you might think...