[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Browser Bundle

On 09.11.2011 02:45, Andrew Lewman wrote:
> On Tuesday, November 08, 2011 08:56:47 Christian Siefkes wrote:
>> Does that work? As I understand it, clicking the "Use a new identity"
>> button in Vidalia tells Tor to build new circuits for subsequent
>> connections, but it doesn't seem to affect Aurora -- all the cookies that
>> have assembled since the start of the session are still there. (At least
>> on Linux, using the current version.)
>> Or is there a different 'new identity' feature I missed?
> There is a 'new identity' button in vidalia which does both clear caches and 
> such in aurora and send new identity command to tor.
>>> Intuitevly it sounds bad, yes.  However, I'd like to see baseline
>>> research and then settings changes that are proven to improve anonymity
>>> for the user. Of course, 'improve anonymity' implies some sort of
>>> measurement, which ties into
>>> https://blog.torproject.org/blog/research-problem-measuring-safety-tor-n
>>> etwork
>> If that is an open research question, why play it risky in the meantime?
> To be clear, tbb already blocks 3rd party cookies. As for javascript enabled, 
> I'm hoping Mike or Erinn will comment on why we ship tbb with javascript 
> enabled by default. I know noscript and torbutton defang many attacks already, 
> even with javascript disabled.

It is very interesting for what JS enabled in TBB by default. After
upgrading TBB I need to disable it each time and at first always I
forget do it :(
But I have a very important questiong. Many sites don't properly
workable without JS. But it is very nessesary to use it without sending
information about real location of client.
Such sites are sites of internet bankings, systems of lodging pleadings
to courts in some countries and etc. which I use only through Tor.
What do the Tor distributors think about that problem? And what is
better to do for it?
Of course, I use transparent torification. And I am always do it being
behind NAT (for preventing scripts read and sent to adversary my
external ips).
tor-talk mailing list