Hello, Jacob! You wrote to [email protected] on Wed, 10 Jun 2009 09:47:41 -0700:
>> I think it just appeals to a different style of usage. That's the reason I >> wanted to make it anyways. I've disabled Java, set it to auto delete private >> data on shutdown, etc. I'm looking for input as far as what kinds of >> protection needs to be added. > > I'm not sure what you mean when you say that it appeals to a different > style of usage. Don't know about Tor Fox's style of usage but one of my setups is a firefox without plugins with javascript turned off going through tor via privoxy. Is torbutton really needed in such a setup? The only problem I can immediately see is css-only history stealing. Alexander Cherepanov P.S. Probably of interest to tor community: New paper by Amit Klein (Trusteer) - "Temporary user tracking in major browsers and Cross-domain information leakage and attacks". The paper is available to download from the following page: http://www.trusteer.com/temporary-user-tracking-in-major-browsers Abstract: User tracking across domains, processes (in some cases) and windows/tabs is demonstrated by exploiting several vulnerabilities in major browsers (Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and to a limited extent Google Chrome). Additionally, new cross-domain information leakage, and cross domain attacks are described, which provide a foundation for attacks such as "in session phishing".
