-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Tor Users,
I teach a workshop on privacy and anonymity and I've gotten some questions that I didn't know how to answer. Maybe somebody can answer a few of these. 1. If I have multiple Firefox profiles, one of which is exclusively for Tor use, if I use another profile with javascript later on, is that a threat to the data stored in the other profiles? Can add-ons see information in other profiles? 2. If I'm doing my Tor browsing in one browser (say, Firefox) and open up another one (say Ephiphany) that has javascript enabled, what risks do I face? AFAIK javascript can see what's in your clipboard, which would be bad if I'm using the clipboard with Torified content Is that it? 3. One of the common criticisms of NoScript+Tor is that a malicious exit node can pretend to be any site it wishes. What about enabling js on file:// urls? If I understand them correctly, the browser won't make any external requests and then there would be no threat of an attack. 4. TorButton (wisely) disabled updates. Aside from the risk of an exit node making you download it's own module, what other risks are there? Does firefox submit any information that could identify you aside from what plugins you use? Thanks, Ringo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJXz1w6pWcWSc5BE4RAiXBAKCx7gwtZ/yHfNhJFkbtgr8DwFDCDQCg1qt9 vOe6O7tV94ms4UI3u8KskQs= =Ny4+ -----END PGP SIGNATURE-----