As some of you know, I've been working on a security-enhanced version of Torbutton to handle all sorts of anonymity vulnerabilities present in a standard Firefox configuration (see the big fat warning on http://tor.eff.org/download.html.en - the goal is to make all that text irrelevant). I will be presenting this plugin as a part of my talk "Securing the Tor Network" for Black Hat and Defcon. The goal of the extension is to make it possible to use modern websites via Tor without the risk of something reducing your anonymity set or bypassing proxy settings. The major features are: * Disabling plugins while Tor is enabled * Isolating dynamic content to the Tor state at document load * Cookie jars/cookie clearing * Cache management * History Management * User agent spoofing * Timezone spoofing The extension itself, and more information on the individual features/options are available at the horrifyingly stoic homepage: http://torbutton.torproject.org/dev/ Currently, only FireFox 2.0 is supported. Kind-hearted souls are sought to help port to Seamonkey and Thunderbird. Feedback, suggestions, and comments are welcome. Especially if someone could point out what I'm doing wrong with the OpenSearch Google search plugin installations (which are somewhat unrelated, but I figured were worth putting up there, since a major usability complaint is "Why do I get the damn German/Chinese/etc Google with Tor?"). -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpwllN8xqGQ7.pgp
Description: PGP signature