As suggested on IRC, I think
the Tor documentation strategy needs to be rethought. Most people
barely read the download page, let alone the reams of FAQ questions.
We've had two "attacks" now on Tor that rely on unmasking users who
use Tor incorrectly. One of them actually published a paper and had
decent results at unmasking this way (mostly Asian users who probably
can't read our English mailing list or English FAQ), and the media
still doesn't seem to understand that these attacks are well
documented.

The Tor download page should have a concise "Things to know before
downloading" section that lists a few key points about the easiest
ways your identity can be revealed through Tor. Something like

Things to know before you download Tor:
- Browser plugins can be made to reveal your IP.
- This includes Flash, Java, ActiveX and others.
- It is recommended that you use Firefox and install the extensions
  NoScript, QuickJava, and FlashBlock to control this behavior if
  you must have these plugins installed for non-Tor usage.
- Make sure your browser settings have a proxy listed for ALL
  protocols (including Gopher and FTP).
- For further details, please consult the Tor FAQ.

I had advocated something similar some time ago. Actually what I proposed
was that some sort of test server be set up. I know there are already
many of them, but I was thinking that there could be testing stages
in an install wizard (or a post-install testing wizard)
that takes the user through various tests and what to do in response
to results. I know a lot of work, maybe another suggestion to be
listed on the volunteer page or a candidate for summer of code?
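
The "proxy listed for ALL protocols" item from the proposed list, written as a check a post-install test could run. This is an added example, not part of the original thread or of any Tor tool. It assumes Firefox's manual proxy settings as stored in prefs.js (the `network.proxy.*` preference names); the sample file and port numbers are constructed.

```python
import re

# Constructed sample prefs.js content (not from the thread): HTTP and SSL
# point at a local proxy, FTP is blank and Gopher is not set at all.
SAMPLE_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.ftp", "");
user_pref("network.proxy.ftp_port", 0);
"""

PROTOCOLS = ("http", "ssl", "ftp", "gopher")
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
    return prefs


def has_proxy(prefs, proto):
    """True when both a host and a non-zero port are set for proto."""
    host = prefs.get("network.proxy." + proto, "")
    port = prefs.get("network.proxy." + proto + "_port", 0)
    return bool(host) and isinstance(port, int) and port > 0


def unproxied_protocols(text):
    """Return the protocols that would connect directly, bypassing the proxy."""
    prefs = parse_prefs(text)
    # Only manual proxy configuration (type 1) is evaluated; any other
    # mode is reported as fully unproxied (a simplifying assumption).
    if prefs.get("network.proxy.type", 0) != 1:
        return list(PROTOCOLS)
    # Firefox uses a configured SOCKS proxy for protocols with no proxy of their own.
    if has_proxy(prefs, "socks"):
        return []
    return [p for p in PROTOCOLS if not has_proxy(prefs, p)]


if __name__ == "__main__":
    print("Unproxied protocols:", unproxied_protocols(SAMPLE_PREFS))
```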