Beware of the Flash and other third-party plugins to your browser. Flash can also store "flash cookies" on your system as well. I would look at "about:plugins" and see what Firefox has loaded. Torbutton does a good job at stopping third party plugins, but if you specifically allow Flash and do not clear the cookie from Flash, you may have a problem.
Other than that, you have the right idea. :) On Mon, Jul 12, 2010 at 8:45 AM, Matthew <pump...@cotse.net> wrote: > Hello, > > I have been reading the Torbutton documentation (thanks, guys) and have a > question about the adversary capabilities. > > The first adversary capability is "inserting javascript". The document > says that "If not properly disabled, Javascript event handlers and timers > can cause the browser to perform network activity after Tor has been > disabled, thus allowing the adversary to correlate Tor and Non-Tor activity > and reveal a user's non-Tor IP address." > > The third adversary capability is "inserting CSS". The document says that > "CSS can also be used to correlate Tor and Non-Tor activity and reveal a > user's Non-Tor IP address, via the usage of CSS popups - essentially > CSS-based event handlers that fetch content via CSS's onmouseover attribute. > If these popups are allowed to perform network activity in a different Tor > state than they were loaded in, they can easily correlate Tor and Non-Tor > activity and reveal a user's IP address." > > I understand that Torbutton is useful for protecting privacy in multiple > ways. But I would like to address this specific issue if I may. > > Let us imagine that a user surfs the net using Tor (and Polipo or > Privoxy). He has JavaScript installed and uses it for all sites. He > finishes his activities and then closes his browser. He then wipes the > following files and directories (I am using Ubuntu as my example): > > /.mozilla/firefox/nameofuser/cookies.sqlite > /.mozilla/firefox/nameofuser/downloads.sqlite > /.mozilla/firefox/nameofuser/cookies.sqlite-journal > /.mozilla/firefox/nameofuser/places.sqlite > /.mozilla/firefox/nameofuser/places.sqlite-journal > /.mozilla/firefox/nameofuser/formhistory.sqlite > > /.mozilla/firefox/nameofuser/Cache/ > > Now I assume that these Javascript events and handlers and the CSS handlers > were downloaded into the Cache from when the user was browsing using Tor. > They would then be deleted as detailed above. Therefore, when the user loads > up Firefox and turns off the Tor proxy settings, presumably the potential > for JavaScript or CSS to connect Tor and non-Tor activity and get the users > real (non-Tor) IP address is no longer a concern? > > Is this correct? Or am I missing something? Just to re-state: I am only > looking at this one issue - I am well aware of how useful Tor button is in > other areas! > > Thanks. >