Re: [tor-talk] New Browser Bundle
On 11/7/2011 10:24 PM, Andrew Lewman wrote: The default tbb config does block 3rd party cookies, and clears all cookies on shutdown. Unless you've told torbutton to preserve some cookies, they're wiped. Point of symantics: Not the correct word - wiped. They are simply insecurely deleted, just like deleting any other file from windows explorer. Wiped implies securely erased. I know you know the difference, but don't want new users to think Tor / TBB securely erases data it deletes. More later on a way I thought of to securely del * ALL * TBB data after a session. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Sun, Nov 13, 2011 at 4:49 AM, zzretro...@email2me.net wrote: When one makes changes in Vidalia settings, is it necessary to restart Tor/Vidalia and or the browser? It might depend on the changes you're doing. You can add bridges without having to restart Tor/Vidalia, for example. Is that normally how those changes occur, with a restart? And if a restart is necessary, then doesn't that increase the risk to one's anonymity? I use Tor (Browser Bundle/Windows) at internet cafes. It is technically illegal to use a proxy here, so is there a way to open it and make these changes off line, so that I don't have to risk my an-0-nym-ah-tea anyone? What kind of changes do you want to do? -- Runa A. Sandvik ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
- Original Message - From: Runa A. Sandvik Sent: 11/13/11 04:12 PM To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] New Browser Bundle On Sun, Nov 13, 2011 at 4:49 AM, zzretro...@email2me.net wrote: When one makes changes in Vidalia settings, is it necessary to restart Tor/Vidalia and or the browser? It might depend on the changes you're doing. You can add bridges without having to restart Tor/Vidalia, for example. Is that normally how those changes occur, with a restart? And if a restart is necessary, then doesn't that increase the risk to one's anonymity? I use Tor (Browser Bundle/Windows) at internet cafes. It is technically illegal to use a proxy here, so is there a way to open it and make these changes off line, so that I don't have to risk my an-0-nym-ah-tea anyone? What kind of changes do you want to do? -- Runa A. Sandvik ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk Well, when I disable cookies or javascript, things like that. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
When one makes changes in Vidalia settings, is it necessary to restart Tor/Vidalia and or the browser? Is that normally how those changes occur, with a restart? And if a restart is necessary, then doesn't that increase the risk to one's anonymity? I use Tor (Browser Bundle/Windows) at internet cafes. It is technically illegal to use a proxy here, so is there a way to open it and make these changes off line, so that I don't have to risk my an-0-nym-ah-tea anyone? Thanks - Original Message - From: Robert Ransom Sent: 11/09/11 09:54 PM To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] New Browser Bundle On 2011-11-09, Andrew Lewman and...@torproject.org wrote: On Tuesday, November 08, 2011 08:56:47 Christian Siefkes wrote: Does that work? As I understand it, clicking the Use a new identity button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? There is a 'new identity' button in vidalia which does both clear caches and such in aurora and send new identity command to tor. No. The ‘New Identity’ command in Torbutton's popup menu clears state in the browser; Vidalia's ‘New Identity’ command does not. Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On 09.11.2011 02:45, Andrew Lewman wrote: On Tuesday, November 08, 2011 08:56:47 Christian Siefkes wrote: Does that work? As I understand it, clicking the Use a new identity button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? There is a 'new identity' button in vidalia which does both clear caches and such in aurora and send new identity command to tor. Intuitevly it sounds bad, yes. However, I'd like to see baseline research and then settings changes that are proven to improve anonymity for the user. Of course, 'improve anonymity' implies some sort of measurement, which ties into https://blog.torproject.org/blog/research-problem-measuring-safety-tor-n etwork If that is an open research question, why play it risky in the meantime? To be clear, tbb already blocks 3rd party cookies. As for javascript enabled, I'm hoping Mike or Erinn will comment on why we ship tbb with javascript enabled by default. I know noscript and torbutton defang many attacks already, even with javascript disabled. It is very interesting for what JS enabled in TBB by default. After upgrading TBB I need to disable it each time and at first always I forget do it :( But I have a very important questiong. Many sites don't properly workable without JS. But it is very nessesary to use it without sending information about real location of client. Such sites are sites of internet bankings, systems of lodging pleadings to courts in some countries and etc. which I use only through Tor. What do the Tor distributors think about that problem? And what is better to do for it? Of course, I use transparent torification. And I am always do it being behind NAT (for preventing scripts read and sent to adversary my external ips). ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On 2011-11-09, Andrew Lewman and...@torproject.org wrote: On Tuesday, November 08, 2011 08:56:47 Christian Siefkes wrote: Does that work? As I understand it, clicking the Use a new identity button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? There is a 'new identity' button in vidalia which does both clear caches and such in aurora and send new identity command to tor. No. The ‘New Identity’ command in Torbutton's popup menu clears state in the browser; Vidalia's ‘New Identity’ command does not. Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Wed, Nov 09, 2011 at 02:54:42PM +, rransom.8...@gmail.com wrote 1.3K bytes in 18 lines about: : There is a 'new identity' button in vidalia which does both clear caches and : such in aurora and send new identity command to tor. : No. The ‘New Identity’ command in Torbutton's popup menu clears state : in the browser; Vidalia's ‘New Identity’ command does not. You are correct. I meant torbutton as shipped in tbb. English fail on my part. -- Andrew pgp key: 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
Hi Andrew, all, On 11/07/2011 03:32 AM, Andrew Lewman wrote: On Sunday, November 06, 2011 15:15:21 Joe Btfsplk wrote: I'd like to see someone do research that proves or disproves this fear that javascript and cookies everywhere is hazardous to the anonymity of a tor user. I don't know a better setting for noscript. I know what I use for settings when I use the default TBB setup. If you use collusion with TBB, you'll see the various connections made to the current browsing session. http://collusion.toolness.org/. I frequently hit 'new identity' to wipe the cache/cookies. Does that work? As I understand it, clicking the Use a new identity button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? In my world, I'd replace noscript with requestpolicy. If you never request the 3rd party sites, then you cut out lots of risks/cruft, in theory. This is the core idea behind requestpolicy. Unfortunately, this breaks lots of websites and would freak out most tor users. However, this is another fine study to undertake. I tried using requestpolicy in my everyday surfing for some time, and turned it off because it was too annoying. Almost every major site uses different domains for e.g. static content, hence requestpolicy requires adding new exceptions all the time. On the other hand, I always use NoScript in its default setting without problems. In fact, I find that if scripts don't run without explicit permission, web surfing becomes much more peaceful. If I start Firefox with tabs with Youtube videos open, they won't start playing automatically, which is otherwise very annoying, for example. And if many tabs are open, Firefox will use much less memory and is less likely to crash. I'm a bit surprised that TBB includes NoScript but still allows all JavaScript by default. I suspect it would be better to disable scripts by default, leaving it to the user to decide whether s/he wants to allow scripts on a site. Intuitevly it sounds bad, yes. However, I'd like to see baseline research and then settings changes that are proven to improve anonymity for the user. Of course, 'improve anonymity' implies some sort of measurement, which ties into https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network If that is an open research question, why play it risky in the meantime? Best regards Christian -- |--- Dr. Christian Siefkes --- christ...@siefkes.net --- | Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/ |Peer Production Everywhere: http://peerconomy.org/wiki/ |-- OpenPGP Key ID: 0x346452D8 -- If one cannot state a matter clearly enough so that even an intelligent twelve-year-old can understand it, one should remain within the cloistered walls of the university and laboratory until one gets a better grasp of one's subject matter. -- Margaret Mead signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Tuesday, November 08, 2011 21:45:02 Andrew Lewman wrote: To be clear, tbb already blocks 3rd party cookies. As for javascript enabled, I'm hoping Mike or Erinn will comment on why we ship tbb with javascript enabled by default. I know noscript and torbutton defang many attacks already, even with javascript disabled. After sending this email, I remembered I opened a ticket about a similar topic, https://trac.torproject.org/projects/tor/ticket/3461 -- Andrew pgp 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Tuesday, November 08, 2011 08:56:47 Christian Siefkes wrote: Does that work? As I understand it, clicking the Use a new identity button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? There is a 'new identity' button in vidalia which does both clear caches and such in aurora and send new identity command to tor. Intuitevly it sounds bad, yes. However, I'd like to see baseline research and then settings changes that are proven to improve anonymity for the user. Of course, 'improve anonymity' implies some sort of measurement, which ties into https://blog.torproject.org/blog/research-problem-measuring-safety-tor-n etwork If that is an open research question, why play it risky in the meantime? To be clear, tbb already blocks 3rd party cookies. As for javascript enabled, I'm hoping Mike or Erinn will comment on why we ship tbb with javascript enabled by default. I know noscript and torbutton defang many attacks already, even with javascript disabled. -- Andrew pgp 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On 07/11/11 02:32, Andrew Lewman wrote: I'd like to see someone do research that proves or disproves this fear that javascript and cookies everywhere is hazardous to the anonymity of a tor user. I don't think any research is required to know that third party cookies at least, are used to track users across sites. And that tracking Tor users across sites is very likely to reduce their anonymity. If you don't want to disable cookies altogether, I'd at least recommend disabling third party ones. If you think that will affect the user experience badly, it's worth noting that Apple disables third party cookies by default in Safari, so it can't be all that bad... I've not personally come across any sites where it has caused problems for me, but I will admit that such sites must exist. In my world, I'd replace noscript with requestpolicy. If you never request the 3rd party sites, then you cut out lots of risks/cruft, in theory. This is the core idea behind requestpolicy. Unfortunately, this breaks lots of websites and would freak out most tor users. However, this is another fine study to undertake. I use both. RequestPolicy is definitely much more difficult to maintain, but makes your browsing experience so much safer. I don't think the average user is going to be happy with RequestPolicy in its current form. FYI, you'll find my name on https://www.requestpolicy.com/about -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On 07/11/11 02:32, Andrew Lewman wrote: I'd like to see someone do research that proves or disproves this fear that javascript and cookies everywhere is hazardous to the anonymity of a tor user. I don't know a better setting for noscript. I know what I use for settings when I use the default TBB setup. The risks of traditional Netscape cookies are reasonably well understood, and can be controlled. However because JS can tamper with cookies the situation is more complicated than it seems. The intuitive problem with JS is that it feels like the part of the core browser architecture most likely to be vulnerable to a zero day attack. I use fluffy language here deliberately. There's quite a jump from that intuition to a falsifiable hypothesis, but it offers an explanation for cautious behaviour. NoScript offers other protections though which are more solid. Having Flash and Java turned off by default would seem to be a Good Thing™. And it intercepts various XSS/XSRF and clickjacking techniques (i.e. the known problems with JS). I think it's safe to say that these are an anonymity issue, and it adds some weight to the intuitive feeling that allowing untrusted JS is not a good idea. An advantage of having JS blocked is that you'll be alerted if a page suddenly has a script you didn't expect. It could have been injected there somehow by an adversary. If you have scripts enabled globally you're not going to notice. Personally I think the above is reason enough to have an opt-in policy for scripting. Yes, it's a slight hassle on sites that depend heavily on JS, but it offers some reassurance that I won't be inadvertently handing over my details to a third party. Julian -- 3072D/D2DE707D Julian Yon (2011 General Use) pgp.2...@jry.me signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
- Original Message - From: Joe Btfsplk Sent: 11/07/11 03:15 AM To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] New Browser Bundle On 11/3/2011 8:46 PM, and...@torproject.org wrote: On Thu, Nov 03, 2011 at 01:30:00AM -0400, zzretro...@email2me.net wrote 4.2K bytes in 100 lines about: : Any reason for this? Even after I unchecked enable globally I started to surf : and then noticed a different icon on the top of the window of Aurora where it : now shows an icon for 'Tor enabled and 'NoScript'. The current draft of the TBB design document is here, https://www.torproject.org/projects/torbrowser/design/ It should help explain the choices made in TBB so far. Feedback is welcome. I can't imagine cookies or Javascript being enabled globally. I won't leave those default settings. Cookies from regular old web sites aren't necessarily the benign little files a web site places on your computer to enhance the use of our site, that they used to be. Maybe need to read up on what little old cookies from avg sites can do now. Having them enabled globally - in Tor or regular Firefox - doesn' t seem like a good idea. Nor does having Javascript globally enabled. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I agree but that is what happened after I found them enabled and disabled them! They changed back to enable globally and that freaked me out. Actually, freaked me in as I refused for a while to go out surfing. I have to understand this NoScript but since the very first time I ever used it, I didn't like it. I felt uncomfortable as I perceived confusing contradictions or things that just seemed misleading to me. This requires a bright tech-mind and I am not that person. Looking at a blueprint takes me a long time before I finally go, oh, there's the porch. I can see it now. Two minutes later, I can't see it! ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Monday, November 07, 2011 05:08:57 t...@lists.grepular.com wrote: On 07/11/11 02:32, Andrew Lewman wrote: I'd like to see someone do research that proves or disproves this fear that javascript and cookies everywhere is hazardous to the anonymity of a tor user. I don't think any research is required to know that third party cookies at least, are used to track users across sites. And that tracking Tor users across sites is very likely to reduce their anonymity. It's not the tracking per se, it's how detailed the track works within the set of tor users. Does this tracking enable an ad network to determine you as an individual based on past history? Or does it simply put you into a subset of tor users that go from site A to site C to site D to site B regularly? If you fire up TBB, login to facebook, and then browse 10 other sites with facebook connect on it, well, you aren't anonymous any more. If you browse those same 10 sites all the time, but without logging into facebook, does this make you unique in the set of tor users? and therefore uniquely identifiable, even though the ad network doesn't really know who you are? If you don't want to disable cookies altogether, I'd at least recommend disabling third party ones. If you think that will affect the user experience badly, it's worth noting that Apple disables third party cookies by default in Safari, so it can't be all that bad... I've not personally come across any sites where it has caused problems for me, but I will admit that such sites must exist. The default tbb config does block 3rd party cookies, and clears all cookies on shutdown. Unless you've told torbutton to preserve some cookies, they're wiped. There's also research about behavioral advertising that suggests it's not personalized/targeted enough right now to creep people out. Except, of course, Facebook, which uses your friend's images to advertise to you. You've logged into facebook and given them that data, and tied your 'anonymous tbb usage' to you personally (at least on facebook and facebook connect sites). -- Andrew pgp 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On 11/3/2011 8:46 PM, and...@torproject.org wrote: On Thu, Nov 03, 2011 at 01:30:00AM -0400, zzretro...@email2me.net wrote 4.2K bytes in 100 lines about: : Any reason for this? Even after I unchecked enable globally I started to surf : and then noticed a different icon on the top of the window of Aurora where it : now shows an icon for 'Tor enabled and 'NoScript'. The current draft of the TBB design document is here, https://www.torproject.org/projects/torbrowser/design/ It should help explain the choices made in TBB so far. Feedback is welcome. I can't imagine cookies or Javascript being enabled globally. I won't leave those default settings. Cookies from regular old web sites aren't necessarily the benign little files a web site places on your computer to enhance the use of our site, that they used to be. Maybe need to read up on what little old cookies from avg sites can do now. Having them enabled globally - in Tor or regular Firefox - doesn't seem like a good idea. Nor does having Javascript globally enabled. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Sunday, November 06, 2011 15:15:21 Joe Btfsplk wrote: I can't imagine cookies or Javascript being enabled globally. I won't leave those default settings. Cookies from regular old web sites aren't necessarily the benign little files a web site places on your computer to enhance the use of our site, that they used to be. Maybe need to read up on what little old cookies from avg sites can do now. Having them enabled globally - in Tor or regular Firefox - doesn't seem like a good idea. Nor does having Javascript globally enabled. I'd like to see someone do research that proves or disproves this fear that javascript and cookies everywhere is hazardous to the anonymity of a tor user. I don't know a better setting for noscript. I know what I use for settings when I use the default TBB setup. If you use collusion with TBB, you'll see the various connections made to the current browsing session. http://collusion.toolness.org/. I frequently hit 'new identity' to wipe the cache/cookies. In my world, I'd replace noscript with requestpolicy. If you never request the 3rd party sites, then you cut out lots of risks/cruft, in theory. This is the core idea behind requestpolicy. Unfortunately, this breaks lots of websites and would freak out most tor users. However, this is another fine study to undertake. Intuitevly it sounds bad, yes. However, I'd like to see baseline research and then settings changes that are proven to improve anonymity for the user. Of course, 'improve anonymity' implies some sort of measurement, which ties into https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network -- Andrew pgp 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
yes u r right .. Java Script an cookies should be disabled but why there r not in this version this is the question should been answered Date: Thu, 3 Nov 2011 01:30:00 -0400 From: zzretro...@email2me.net To: tor-talk@lists.torproject.org Subject: [tor-talk] New Browser Bundle Hullo. noticed that the new, very latest browser bundle for windows has Java Script enabled, cookies enabled and NoScript changed settings back to enable globally considered dangerous! Any reason for this? Even after I unchecked enable globally I started to surf and then noticed a different icon on the top of the window of Aurora where it now shows an icon for 'Tor enabled and 'NoScript'. When I went back into NoScript Preferences, that's when I found enable globally - dangerous - checked again//??*#@%^] flat on my face_ (..) I guess I really don't understand this NoScript. It shows one icon that supposedly protects me, but that icon is nowhere to be found in the preferences panel/window. Why not? It has always seemed very confusing and misleading to me and why it changes settings that I haven't changed I do not know. I am not tech savvy, computer gravy or hair wavy. But now I must learn. A little help please on how or where to go, to understand NoScript. Maybe I would be better off just disabling it altogether? H? Again though, aren't Java Script and cookies supposed to be disabled for Tor to work at its best in creating anonymity? I don't know how to tweak it like you'all do and I stopped doing substances many years ago. You know? Not playing 'hide 'n go tweak' any longer. Takes 3 months for a book on Terminal to reach me and there's still a month and a half to go! Tanks! Advance! In! ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
On Thu, Nov 03, 2011 at 01:30:00AM -0400, zzretro...@email2me.net wrote 4.2K bytes in 100 lines about: : Any reason for this? Even after I unchecked enable globally I started to surf : and then noticed a different icon on the top of the window of Aurora where it : now shows an icon for 'Tor enabled and 'NoScript'. The current draft of the TBB design document is here, https://www.torproject.org/projects/torbrowser/design/ It should help explain the choices made in TBB so far. Feedback is welcome. -- Andrew pgp key: 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser bundle
Hi Have I missed something? The new Browser Bundle for Windows shows the browser to be Aurora and not Firefox? Aurora is Firefox, just like IceCat. -- Regards Koh Choon Lin ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser bundle
On 21/09/11 10:33, Achter Lieber wrote: If I 'start the Tor browser', it will connect but in order to disable those settings I have to change them and then restart the Tor again. Doesn't this show that I am using Tor and where I am? I live in a country where using any sort of proxy is illegal and risking having to speak with people whose logic is quite different than my culture is not something I look forward to. Simply starting a browser with JS or cookies enabled will not automatically disclose your identity. They do however provide a mechanism by which it can occur. If you haven't visited any websites yet then you can safely turn off the undesired features without being compromised. You should be aware that neither Tor nor any other proxy can guarantee you 100% anonymity. You will need to take care not to compromise yourself, especially if you believe you are being actively watched. If you are connecting to a public relay then it will be obvious that you are using Tor; finding a bridge in your own region may be the safest course of action. Regards Julian -- 3072D/D2DE707D Julian Yon (2011 General Use) pgp.2...@jry.me signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk