[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

New Torbutton (1.1.4-alpha)

As some of you know, I've been working on a security-enhanced version
of Torbutton to handle all sorts of anonymity vulnerabilities present
in a standard Firefox configuration (see the big fat warning on
http://tor.eff.org/download.html.en - the goal is to make all that
text irrelevant). I will be presenting this plugin as a part of my
talk "Securing the Tor Network" for Black Hat and Defcon.

The goal of the extension is to make it possible to use modern
websites via Tor without the risk of something reducing your anonymity
set or bypassing proxy settings.

The major features are: 
 * Disabling plugins while Tor is enabled
 * Isolating dynamic content to the Tor state at document load
 * Cookie jars/cookie clearing
 * Cache management
 * History Management
 * User agent spoofing
 * Timezone spoofing

The extension itself, and more information on the individual
features/options are available at the horrifyingly stoic homepage:

Currently, only FireFox 2.0 is supported. Kind-hearted souls are
sought to help port to Seamonkey and Thunderbird.

Feedback, suggestions, and comments are welcome. Especially if someone
could point out what I'm doing wrong with the OpenSearch Google search
plugin installations (which are somewhat unrelated, but I figured were
worth putting up there, since a major usability complaint is "Why do I
get the damn German/Chinese/etc Google with Tor?").

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpwllN8xqGQ7.pgp
Description: PGP signature