[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Browser Bundle

On 07/11/11 02:32, Andrew Lewman wrote:

> I'd like to see someone do research that proves or disproves this fear that 
> javascript and cookies everywhere is hazardous to the anonymity of a tor user. 

I don't think any research is required to know that "third party"
cookies at least, are used to track users across sites. And that
tracking Tor users across sites is very likely to reduce their anonymity.

If you don't want to disable cookies altogether, I'd at least recommend
disabling third party ones. If you think that will affect the user
experience badly, it's worth noting that Apple disables third party
cookies by default in Safari, so it can't be all that bad... I've not
personally come across any sites where it has caused problems for me,
but I will admit that such sites must exist.

> In my world, I'd replace noscript with requestpolicy. If you never request the 
> 3rd party sites, then you cut out lots of risks/cruft, in theory. This is the 
> core idea behind requestpolicy.  Unfortunately, this breaks lots of websites 
> and would freak out most tor users. However, this is another fine study to 
> undertake.

I use both. RequestPolicy is definitely much more difficult to maintain,
but makes your browsing experience so much safer. I don't think the
average user is going to be happy with RequestPolicy in its current
form. FYI, you'll find my name on https://www.requestpolicy.com/about

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list