Thus spake Matthew (pumpkin@xxxxxxxxx): > So to go back to the OP's question (my question)....what do people think > of my questions about JavaScript being able to obtain non-Tor IPs when > wiping the cache? If you are also restarting the browser, or closing all windows, you are probably safe from most direct javascript attack vectors. The main danger is in leaving pages open after changing proxy settings. Then direct unmasking is possible. Identifiers can be stored in the page javascript itself. However, Javascript still has quite a bit of ability to fingerprint you based on your desktop resolution, user agent, timezone, any many other things. Torbutton does a good job of blocking a lot of the fingerprintable attributes, which make it hard to correlate your non-tor browser fingerprint to your tor browser fingerprint. More work still needs to be done here, but we do handle quite a bit of the major fingerprinting sources. See also: https://wiki.mozilla.org/Fingerprinting -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpCkrHr7ZqZf.pgp
Description: PGP signature