[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Yahoo Mail and Tor



On 07/09/2009 02:20 AM, bao song wrote:
> The standard Tor bundle download for non-Windows still
> includes Privoxy 3.0.6, which mangles Yahoo mail. Any chance of
> either an update to a later version of Privoxy or an alternative
> privacy package in the standard Tor download for non-Windows OSs? 

There are two reasons why we still ship old Privoxy versions:

A) The Privoxies after 3.06 have a local "web control interface"
which we believe is a security risk. We think that remote websites can
probably reconfigure your privoxy via that interface, maybe even without
your noticing.  If newer versions have the ability to disable this
interface, we can consider testing and subsequently including those with
our packages.

B) We're in the process of switching over to Polipo rather than Privoxy,
since it's smaller, simpler, and it does pipelining better.  You'll
notice that the Tor Browser Bundle we ship already includes Polipo.

Those two reasons combined mean we're leaving the Privoxy that we ship
on the old version.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identica/Twitter: torproject