[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Basic questions from new user but...
On 5/11/2012 7:21 AM, Maxim Kammerer wrote:
I'm guessing a large # of above avg to advanced TBB users are turning
off js in No Script - at least some times. Problem is, Tor Project has
no way of knowing the #s, so no way to quantify (even theoretically) how
much it increases their browser uniqueness.
On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplk<joebtfsplk@xxxxxxx> wrote:
Isn't this approach very much a double edged sword? From the link:
However, we recommend that even users who know how to use NoScript leave
It may be true that changing settings makes one's profile different, but
from all I've ever read, java script is responsible for more malicious
browser attacks than anything. That's not so good.
research. The anonymity set reduction above, while purely theoretical
and of no practical significance, is in that scope. It's a typical
case of project focus shifting priorities to user's disadvantage.
possible that turning it off offers more (theoretical) anonymity due
to the possibility of fingerprinting users' browser versions by
I don't know if your answers are totally / partly / not correct, but
they are similar to my limited understanding & gut feeling. PERHAPS if
the adversary is a hostile nation w/ complete monitoring of entire
internet traffic, ability to search ALL ISP's records / logs AND
resources & inclination to track down one user that has js turned off,
because he accessed a "forbidden" web site, the previously posed
scenarios might be a threat. I don't know & certainly don't know how
hard it would be, even for a nation, devoting those kinds of resources &
time. I'm NOT saying it's next to impossible - I'm asking.
Can someone explain to non-Tor network experts in layman's terms (25 words
or< ) :D, what exactly some one / entity HAS to be able to do in order to
profile that Joe has java script disabled,& then be able to tie it to MY
(dynamic) IP address - at * that * moment (an address that could change
anytime), or to me physically, sitting here at 123 Oak St., Bumfk, ND?
It is not possible — anonymity set reduction only shifts your
anonymity towards pseudonymity. I would guess that most browser users
do not need true anonymity, however, and are fine with pseudonymity.
Then, what are the REAL world odds that out of all the exit nodes traffic,
which are constantly changing users, that someone can monitor enough nodes
AND be able to tie it directly to ONE specific person, w/ a real name&
physical address? Are we talking that any 12 yr old w/ the right, free
software can do this, or "theoretically"?
Due to the ever increasing electronic internet monitoring activities of
LEOs in the U.S., I'm sure most would be surprised at their capabilities.
If * * * making changes to TBB settings, addons, etc, poses a REAL risk,
it might be a good idea for Tor devs to put a warning in big, red
letters on the browser start page & on the Tor Project TBB main & d/l
pages. Perhaps links to, in laymans' terms how making any changes from
default TBB settings, what so ever, could lead authorities to your
door. I'm sincere - if it's that much of a risk, the current info /
docs aren't nearly prominent or clear enough. If it's not that much of
a REAL risk, that should be explained also - how / when it MIGHT become
a real risk.
tor-talk mailing list