[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Yahoo Mail and Tor

     On Thu, 09 Jul 2009 10:46:05 -0400 Andrew Lewman <andrew@xxxxxxxxxxxxxx>
>On 07/09/2009 02:20 AM, bao song wrote:
>> The standard Tor bundle download for non-Windows still
>> includes Privoxy 3.0.6, which mangles Yahoo mail. Any chance of
>> either an update to a later version of Privoxy or an alternative
>> privacy package in the standard Tor download for non-Windows OSs? 
>There are two reasons why we still ship old Privoxy versions:
>A) The Privoxies after 3.06 have a local "web control interface"
>which we believe is a security risk. We think that remote websites can
>probably reconfigure your privoxy via that interface, maybe even without
>your noticing.  If newer versions have the ability to disable this
>interface, we can consider testing and subsequently including those with
>our packages.

enable-remote-toggle  0
enable-remote-http-toggle  0
enable-edit-actions 0
allow-cgi-request-crunching 0
>B) We're in the process of switching over to Polipo rather than Privoxy,
>since it's smaller, simpler, and it does pipelining better.  You'll
>notice that the Tor Browser Bundle we ship already includes Polipo.

     Does polipo do all the other good things that privoxy does, including
ad blocking and clickjack blocking?
>Those two reasons combined mean we're leaving the Privoxy that we ship
>on the old version.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *