Re: How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?
On 05/09/10 21:11, Geoff Down wrote: On Sun, 05 Sep 2010 19:55 +0100, Matthewpump...@cotse.net wrote: Hello, I have yet another question that relates to the effectiveness of Tor. Gmail (and therefore presumably other webmail operators) knows my computer's time zone. It does not know the time per se but the time zone as set (in Ubuntu) through clicking on the clock, selecting preferences, then choosing location. Obviously this ignores the time (based on the location) of the Tor exit node. I do not know how Gmail knows my computer's time zone, and, in which case, what other local information it can know. Does anyone know how Gmail can do this and what other information from the client computer can be viewed. In other words, why can Gmail not, in theory, also view the real local IP? Thanks. Did you select a time zone when you set up the account? I assume you are using Torbutton, which blocks Javascript being used to read your local clock. GD AIUI, Gmail uses JavaScript to detect the time zone (but not the time) on the client machine. When I use NoScript with Gmail as untrusted, Gmail cannot use JavaScript. Changing the time zone settings (for example to something five hours behind my real time zone) does not then change the time at which e-mail appears to arrive in the Gmail inbox since this requires JavaScript which is not used since Gmail is considered untrusted. However, since many websites do require JavaScript, whether or not one is using NoScript and / or TorButton, my question was: If Gmail can get the time zone via JavaScript (when the client is using Tor) then why can it not get the real IP also via JavaScript (when the client is using Tor)? I don't think it can get the real IP since I have used various tests including http://www.decloak.net/ and Tor with JavaScript does not reveal the real IP. But why not? Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?
Thus spake Matthew (pump...@cotse.net): On 05/09/10 21:11, Geoff Down wrote: Did you select a time zone when you set up the account? I assume you are using Torbutton, which blocks Javascript being used to read your local clock. GD AIUI, Gmail uses JavaScript to detect the time zone (but not the time) on the client machine. When I use NoScript with Gmail as untrusted, Gmail cannot use JavaScript. Changing the time zone settings (for example to something five hours behind my real time zone) does not then change the time at which e-mail appears to arrive in the Gmail inbox since this requires JavaScript which is not used since Gmail is considered untrusted. Please actually use Torbutton instead of speculating about what protections it provides, trying to compensate with ad-hoc homebrew approaches, and then complaining to the list when the results aren't what you expect. https://www.torproject.org/torbutton/design/#adversary Noscript can have all sorts of surprising results when you allow javascript from other domains. However, since many websites do require JavaScript, whether or not one is using NoScript and / or TorButton, my question was: If Gmail can get the time zone via JavaScript (when the client is using Tor) then why can it not get the real IP also via JavaScript (when the client is using Tor)? I don't think it can get the real IP since I have used various tests including http://www.decloak.net/ and Tor with JavaScript does not reveal the real IP. But why not? Javascript cannot unmask your IP. The attacks on decloak and elsewhere are all about causing plugins and external applications to launch, which NoScript does not protect against. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpx1qJKydLEv.pgp Description: PGP signature
Re: How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?
If Gmail can get the time zone via JavaScript (when the client is using Tor) then why can it not get the real IP also via JavaScript (when the client is using Tor)? I don't think it can get the real IP since I have used various tests including http://www.decloak.net/ and Tor with JavaScript does not reveal the real IP. But why not? Because there are JavaScript functions to get the current time and timezone and there are (afaik) no such functions to get some of your network settings greetings, Jan *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
