Thus spake Marco Bonetti (marco.bonetti@xxxxxxxxxxxx): > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello list, > DeepSec 2009 is on, this morning I gave the talk on new HTML5 features > and how do they affect Tor browsing, if you're interested in the > presentation with some sample code for the attacks go to > http://sid77.slackware.it/. > And keep browsing with Firefox+TorButton ;-) Hey Marco, thanks for this! I have a couple of quick questions and a comment: Do you have the test cases for the offline application protocol handler registration? I'm curious if Torbutton will still block them from bypassing the proxy or delaying themselves from running until post-toggle, even if you click to allow the application to run. I think it should still be blocked from doing anything terrible, but it would be nice to know for sure. In general, it would be really nice if we could have all your test cases online so I can link them from the Torbutton Design Document, as we have done with other research like yours. The hope is that one day someone will consolidate all them into a good browser anonymity and privacy validation framework (decloak.net and deanonymizer.com are great starts, but still aren't totally complete). Also, I'm curious about your comments about the differences in implementation of video, audio and source tags in Firefox 3.6b. And finally the comment: Torbutton 1.2.3 will address the geolocation issue and a few others in Firefox 3.5. I am closing out bugs in flyspray preparing for a release hopefully this weekend. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpXphCNO7eiY.pgp
Description: PGP signature