[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Browserspy knows my computer time

On 10/01/17 11:44 AM, Joe Btfsplk wrote:
On 1/10/2017 3:53 AM, Georg Koppen wrote:
Joe Btfsplk:
How does Browserspy.dk get the correct local time & time zone from TBB
6.08 on my PC?

I guess https://trac.torproject.org/projects/tor/ticket/20981 is a good
candidate for explaining this.

Thanks Georg.  That sounds like it.  Was "ToLocaleString" a recent
change in Firefox function (or browser standards) that wasn't caught by
Tor devs or users before Mozilla implemented it, or some other scenario?
Possibly another example of how dissidents, sympathizers, whistle
blowers connecting TBB directly through an ISP (certain countries) could
be more easily identified.  Very difficult to consistently, quickly keep
all leaks patched.

When issues like this are 1st discovered, should there be a better
notification system for users, explaining risks and suggested
workarounds?  Few users have time to read every new Trac report.

Mozilla used to come with some bookmarks for browser testing. Perhaps TBB can include a few recommended anonymity test bookmarks for those who want to check their settings after each new TBB release or tidbit of security news. This could find regressions faster, for example. A bookmark could be included to a trac topic for each test for easy reporting (or non-reporting if same bug is found).

related: https://trac.torproject.org/projects/tor/ticket/6119

https://www.torproject.org/getinvolved/volunteer.html.en#Coding Panopticlick

Even if they did, many users wouldn't how to avoid risks. Is there any
"early warning system" giving *precise* steps to avoid new anonymity
threats?  Similar to warnings OS & software developers often issue?

AFAICT, Tor bugs are reported, but often no steps recommended to avoid
the danger, until patches can be developed.  (Temporarily stop using TBB
for serious activities?)   Does this at times leave some users totally
unaware they could be exposed in certain situations?

- run TAILS
- set Security Level to "high" under Privacy and Security settings
- use the hardened version of TBB
- get an open source operating system designed for anonymity and security such as Qubes.
- https://www.torproject.org/download/download-easy.html.en#warning

There might also be a wiki page with this sort of tips

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to