Thus spake Freemor ([EMAIL PROTECTED]): > I think what needs to be done here is to create a FAQ or other standard > document that will 1.) inform the vastly misinformed public. 2.) list > places and ways they can make a difference.
Excellent post, even if slight off-topic. As suggested on IRC, I think the Tor documentation strategy needs to be rethought. Most people barely read the download page, let alone the reems of FAQ questions. We've had two "attacks" now on Tor that rely on unmasking users who use Tor incorrectly. One of them actually published a paper and had decent results at unmasking this way (mostly Asian users who probably can't read our english mailinglist or english FAQ), and the media still doesn't seem to understand that these attacks are well documented. The Tor download page should have a concice "Things to know before downloading" section that lists a few key points about the most easy ways your identity can be revealed through Tor. Something like Things to know before you download Tor: - Browser plugins can be made to reveal your IP. - This includes Flash, Java, ActiveX and others. - It is recommended that you use FireFox and install the extensions NoScript, QuickJava, and FlashBlock to control this behavior if you must have these plugins installed for non-Tor usage. - Make sure your browser settings have a proxy listed for ALL protocols (including Gopher and FTP). - For further details, please consult the Tor FAQ. Maybe this will stop the same attack from hitting the blogosphere every 2 months. Even better, maybe it will stop that attack from actually working.. -- Mike Perry Mad Computer Scientist fscked.org evil labs