Thank you for the explanation. > The JonDoNym test is only using the Javascript versions of these > attacks, and therefore the JonDoFox profile they provide is given a > green "pass" against them, even though a dedicated adversary could > extract the same information with CSS3 alone. When I run Torbutton > with Javascript disabled, I get very similar results to the JonJoFox > profile on their test (are you sure you had javascript fully > disabled?)
I am absolutely sure I have js disabled to the extent allowed by javascript.enabled = false. Furthermore, I tried to filter scripts out with Privoxy (also disabling ssl, of course) and obtained the same results... Anyway, in this thread, Karsten N. has confirmed that the *current* version of JonDoNym tests does not require any js. > This places us in an interesting legal situation with > Mozilla, because technically such a patch means that we can no longer > use the trademark "Firefox" to describe the browser we provide in this > case. Is it that bad? Are there any fundamental problems with Iceweasel etc? I do not think Tor Project has to rely on the Firefox brand awareness to distribute Tor Bundle among end users. Maybe, having an independent "security-oriented" patched branch of Firefox or Chrome can facilitate accepting some of the patches by the upstream. And what about extensions.torbutton.resize_windows? It is not a bug or my side misconfiguration issue that I have no such option for the current TB, is it? -- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
