I have been reading the Torbutton documentation (thanks, guys) and have a question about the adversary capabilities.
The third adversary capability is "inserting CSS". The document says that "CSS can also be used to correlate Tor and Non-Tor activity and reveal a user's Non-Tor IP address, via the usage of CSS popups - essentially CSS-based event handlers that fetch content via CSS's onmouseover attribute. If these popups are allowed to perform network activity in a different Tor state than they were loaded in, they can easily correlate Tor and Non-Tor activity and reveal a user's IP address."
I understand that Torbutton is useful for protecting privacy in multiple ways. But I would like to address this specific issue if I may.
Is this correct? Or am I missing something? Just to re-state: I am only looking at this one issue - I am well aware of how useful Tor button is in other areas!