Re: Torfox 3.0.10.1

On Mon, Jun 15, 2009 at 2:29 AM, Tor Fox <torfox.org@gmail.com> wrote:

Well it's kind of odd to list the features I've added by what I've taken out but here goes...

First of all, Torfox is produced independently from the Tor anonymity software or Firefox web browser and carries no guarantee from The Tor Project or Mozilla Foundation about quality, suitability or anything else.

Torfox is Tor + forked Firefox with changes in the source code to make it suitable for anonymous browsing:

-no data written outside the program folder (works with USB flash drives)

-no extensions
-no java
-no _javascript_
-no plugins
-no history
-no updates
-no saved cookies
-no disk cache
-no referrer (works with anti-hotlink scripts)

-no extra request headers
-all connections through Tor socks port 9060
-all DNS lookups through tor-resolve
-no exceptions
-no proxy settings (think tsocks/freecap)

It does everything automatically, starts/stops tor, deletes profiles, etc. Also, the startup page is in a frame which will mask the current URL until you enter one manually.

Main site: http://www.torfox.org/

Installer: http://torfox.googlecode.com/svn/trunk/site/Torfox-3.0.10.1.msi
ZIP (for USB flash usage): http://torfox.googlecode.com/svn/trunk/site/Torfox-3.0.10.1.zip

Hashes: http://torfox.googlecode.com/svn/trunk/site/Torfox-3.0.10.1.sha1

The SVN is at http://torfox.googlecode.com/svn/trunk/source/3.0.10/ and has everything needed to build the binaries EXCEPT for the MSI installer, so ignore that and use the ZIP if that's an issue because I haven't gotten around to automating that just yet.

This also blocks common attacks like the CSS history recently discussed[1] and others[2].

If anyone can get Torfox to leak information (other than downloading a file and opening it) let me know.

[1] http://ha.ckers.org/weird/CSS-history.cgi
[2] http://decloak.net/