On 1/6/2014 12:39 PM, dhanlin wrote:
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible to fingerprint your
Tor use.
By my judgment, you are more
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible to fingerprint your
Tor use.
Let us try to define what fingerprinting Tor use means exactly. It
: Re: [tor-talk] Risk of selectively enabling JavaScript
On 1/6/2014 12:39 PM, dhanlin wrote:
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible
On Tue, 07 Jan 2014 12:58:49 +, Mark McCarron wrote:
...
The fact that TBB disables javascript is a testimony to how bad the
javascript coders of Firefox are.
Ex falso sequitur quodlibet.
I think there is a solid argument for adding filters to the exit nodes that
strip anything that
connections.
Regards,
Mark McCarron
Date: Tue, 7 Jan 2014 15:00:41 +0100
From: a.k...@gmx.de
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Risk of selectively enabling JavaScript
On Tue, 07 Jan 2014 12:58:49 +, Mark McCarron wrote:
...
The fact that TBB disables javascript
in
the packet that indicate this should be disabled.
Its not really difficult and not applicable to end-to-end tls connections.
Regards,
Mark McCarron
Date: Tue, 7 Jan 2014 15:00:41 +0100
From: a.k...@gmx.de
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Risk of selectively
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Risk of selectively enabling JavaScript
You have to keep in mind it's a slippery slop of censoring the content
of users that use the Tor network. If we were to add an option for
filtering out Javascript what would stop a exit-node operator
On 1/7/2014 11:09 AM, Mark McCarron wrote:
We're not discussing censorship, but the removal of potential exploitable
data. Its not a keyword system, it removes cookies, web bugs, adds jitter to
timings, etc. It can be disabled with a click.
Regards,
Mark McCarron
Tor exit nodes
Point by point.
Javascript, by itself, is not an issue and poses no more of a security threat
than any other type of data transferred online. Coding errors in image
handling, html parsing, ftp, etc., can all be used to inject code.
Note that (potential) privilege escalation bugs are found
Point by point.
Javascript, by itself, is not an issue and poses no more of a security
threat than any other type of data transferred online. Coding errors in
image handling, html parsing, ftp, etc., can all be used to inject code.
Note that (potential) privilege escalation bugs
However, IIRC, the amount of additional latency required
to make timing attacks non-trivial is far more than would be
acceptable
to the typical user.
I'd personally be happy to have more delays and slowdowns, if it was a
feature that was making Tor's anonymity protection features more
On 1/7/14 9:49 PM, Mark McCarron wrote:
That will be the end for Tor.
Then I salute you sir!
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On Tue, 2014-01-07 at 12:48 +0100, Gerardus Hendricks wrote:
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible to fingerprint your
Tor use.
As TBB is a standard product, its fingerprint should be the same for
everyone.
Tell that to the guy that got arrested on campus, because he was one of
a few people using it.
People talk a good game in an armchair quarterback sort of way - if
he'd only... Unless they're seasoned veterans at
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible to fingerprint your
Tor use.
By my judgment, you are more likely to be deanonymized by a Firefox
15 matches
Mail list logo