On 7/27/2014 2:08 AM, grarpamp wrote:
How do we know for a fact that observing exits (even several or many, operated by one entity) or multiple sites operated by one entity are "fringe cases?" They may not be the gov't or NSA / GHCQ, but plenty of large, 3rd party trackers monitor 1000's of sites.On Sat, Jul 26, 2014 at 3:26 PM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:How do some more advanced Tor users feel about pros & cons of leaving java script constantly enabled or selectively enabling it?The risk of any potential leak of real IP or actual user data (not just meta browser environment data) is overriding consideration. Much more than any js on/off matrix leak to some observing exit or multi-hosting webserver (which are fringe cases to begin with).
And if they have certain information, then for sure it's available to gov'ts (if only by theft) & possibly to others, especially at the right price.
This type thing is no longer conspiracy theory.
Assuming that all works & doesn't have as many pitfalls as java script itself, the overall methods are likely beyond most users. Beyond their ability & available time. Beyond their ability to do all of what you mention and not make a mistake.Sandbox your apps, keep your user data minimal and compartmented, manage your stored profiles/dotdirs and sessions. Do that and all this talk of javascript, java, flash, dom, cookies, canvas, etc... generally approaches moot. This doesn't mean they should be ignored, but that in the big picture, there are bigger concepts to grasp first.
Unless Tor Project just sadly accepts that most users can't accurately carry out such practices (so don't bring it up at all), they don't seem to think it's important.
Unless there were very detailed, step-by-step instructions for how to do things you mention (possibly many more), not many could carry them out & *never* make a mistake.
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk