[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] New Browser Bundle
On Sunday, November 06, 2011 15:15:21 Joe Btfsplk wrote:
> I can't imagine cookies or Javascript being enabled globally. I won't
> leave those default settings. Cookies from "regular old web sites"
> aren't necessarily the benign "little files a web site places on your
> computer to enhance the use of our site," that they used to be. Maybe
> need to read up on what "little old cookies" from avg sites can do now.
> Having them enabled globally - in Tor or regular Firefox - doesn't seem
> like a good idea. Nor does having Javascript globally enabled.
I'd like to see someone do research that proves or disproves this fear that
javascript and cookies everywhere is hazardous to the anonymity of a tor user.
I don't know a better setting for noscript. I know what I use for settings
when I use the default TBB setup.
If you use collusion with TBB, you'll see the various connections made to the
current browsing session. http://collusion.toolness.org/. I frequently hit
'new identity' to wipe the cache/cookies.
In my world, I'd replace noscript with requestpolicy. If you never request the
3rd party sites, then you cut out lots of risks/cruft, in theory. This is the
core idea behind requestpolicy. Unfortunately, this breaks lots of websites
and would freak out most tor users. However, this is another fine study to
undertake.
Intuitevly it sounds bad, yes. However, I'd like to see baseline research and
then settings changes that are proven to improve anonymity for the user. Of
course, 'improve anonymity' implies some sort of measurement, which ties into
https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network
--
Andrew
pgp 0x74ED336B
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk