[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton 1.1.8-alpha (Usability improvements)



Thus spake jeffery statin (jeffstatin@xxxxxxxxx):

> I do not have issues or complaints but I do have a
> question and a possible feature request.
> 
> a) Why is JavaScript not disabled by TorButton?  Does
> "hook dangerous javascript" make using JavaScript safe
> with Tor?

The combination of "hook dangerous javascript" and "isolate dynamic
content" make javascript safe, modulo browser exploits. The main
problems with javascript revolve around the ability to get timezone+OS
info, and to install event handlers/timers to load content after you
toggle Tor. These two issues are handled by those options
respectively.

For some Java plugin+OS combos, the "Disable Plugins during Tor Usage"
is also required. http://ha.ckers.org/weird/tor.cgi claims that they
are able to get Firefox 2.0 to call java functions from javascript.
When I tested with the Sun JRE 5.0 on Windows, this was only possible
up to and including Firefox 1.5, but not Firefox 2.0.  However it
appears that the new Sun JRE 6.0 has "fixed" this problem, and again
allows you full access to Java from javascript. Brilliant work,
impressive even for a company that has managed to give the same
product 5 different version numbers at the same time.

Note that allowing plugins is a lot more dangerous than just Java
anyways, so you should not have this setting unchecked for normal
usage unless you have some other type of upstream Tor-only firewall.

> b) Would it be possible to have TorButton
> automatically clear the cache, unprotected Tor
> cookies, etc when a NewNym signal is sent (for example
> by Vidalia)?

This is logistically difficult. The easier route is to add a New Nym
option to torbutton itself, and have it somehow communicate to either
vidalia or the control port directly. Allegedly raw TCP is possible
from privileged Firefox javascript, but it is likely less than pretty.
I will look into it to see if it is technically possible before the
1.2 stable release. 

Usability complications also arise though. If the user says they want
to keep their Tor cookies in a jar (or left alone entirely), should
new nym still clear them? I think so, esp since cookies can be
injected and stolen by exit nodes (even many https ones). But other
people may disagree.  Some people really like cookies. I wouldn't
expect those people to also like Tor, but I'm sure they're out there.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpO697QwQYxX.pgp
Description: PGP signature