Re: How to use Google Gadgets with Tor? - Is this possible?
Let's try some science. We need a control, so lets create a blank Firefox profile. This requires running firefox with a command of 'firefox -P'. This will bring up the profile window and then you can create a blank profile and try to set your proxy to use Tor and try it again, and then try non-Tor. Then we can see if you get the same exact results, or if your old profile got damaged by one of your addons (it can happen). If the issue does *not* happen with a fresh profile, try adding your addons back one at a time until it does. Then maybe we can get somewhere. http://support.mozilla.com/en-US/kb/Managing%20profiles http://kb.mozillazine.org/Profile_Manager Mike - I'm not sure what happened before. I now am able to use Twitter inside Gmail with Tor, TorButton, and NoScript. I have to do considerable accepting of various sites to get NoScript to function (since so much is being loaded from non-Gmail locations) but then it works just as if I was using Gmail without any proxies or add-ons. Thanks for your help! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to use Google Gadgets with Tor? - Is this possible?
On Sun, 16 Jan 2011 06:06:11 + M wrote: > On Sat, Jan 15, 2011 at 7:02 PM, Mike Perry wrote: > > You could also install an addon to observe the requests your browser > > uses in both non-Tor and Tor accesses of this gadget to see if the > > requests appear different for some reason. That may help diagnose the > > cause: > > https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ > > https://addons.mozilla.org/en-US/firefox/addon/tamper-data/ > On a side note, i had asked the group before about the google gadgets and > whether if there is some security issue with using it wit TOR> I receive the > response that it had not really been tested before. Should i understand its > safe now? If you are talking about the program called 'Google Gadgets', no, it has not been audited, and it is unlikely to be safe to use over Tor. This thread is about using Google gadgets embedded in a web page with Firefox (and Torbutton). Robert Ransom signature.asc Description: PGP signature
Re: How to use Google Gadgets with Tor? - Is this possible?
Thus spake Matthew (pump...@cotse.net): > Mike - thanks for your advice. > > This is not an issue for me. I do not get a captcha. > > >You could also install an addon to observe the requests your browser > >uses in both non-Tor and Tor accesses of this gadget to see if the > >requests appear different for some reason. That may help diagnose the > >cause: > >https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ > I installed this add-on. > > I wiped my cache and cookies and used the headers and generator tabs with > just Polipo and Tor running (no TorButton, NoScript, etc). > > Then I logged into Gmail and waited until everything fully loaded then > clicked the Twitter icon and waited until Twitter fully loaded (although as > mentioned one does not see the Twitter screen when using Tor). > Any ideas? Thanks! Let's try some science. We need a control, so lets create a blank Firefox profile. This requires running firefox with a command of 'firefox -P'. This will bring up the profile window and then you can create a blank profile and try to set your proxy to use Tor and try it again, and then try non-Tor. Then we can see if you get the same exact results, or if your old profile got damaged by one of your addons (it can happen). If the issue does *not* happen with a fresh profile, try adding your addons back one at a time until it does. Then maybe we can get somewhere. http://support.mozilla.com/en-US/kb/Managing%20profiles http://kb.mozillazine.org/Profile_Manager -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpKVBm7xV3O6.pgp Description: PGP signature
Re: How to use Google Gadgets with Tor? - Is this possible?
Thus spake M (moeedsa...@gmail.com): > On Sat, Jan 15, 2011 at 7:02 PM, Mike Perry wrote: > > > > > > > You could also install an addon to observe the requests your browser > > uses in both non-Tor and Tor accesses of this gadget to see if the > > requests appear different for some reason. That may help diagnose the > > cause: > > https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ > > https://addons.mozilla.org/en-US/firefox/addon/tamper-data/ > > > > > > On a side note, i had asked the group before about the google gadgets and > whether if there is some security issue with using it wit TOR> I receive the > response that it had not really been tested before. Should i understand its > safe now? Google gadgets that rely on Google browser plugins such as Google Gears are not safe, because we canot protect against them. However, Torbutton's normal protections for the web should keep Google gadgets that use plain AJAX safe, from a privacy point of view. Of course though, you are probably not private to Google at this point, esp if you are logged in to a gmail account. But I assume you're aware of that and what this means in terms of privacy consequences, and are comfortable with that tradeoff. We do *not* recommend disabling Torbutton to get your Google gadgets to work. Then you become signifcantly less private, both to Google and to the rest of the web. If we can't get to the bottom of this and it seems likely that Torbutton is actually the cause, please file a bug report at https://trac.torproject.org/projects/tor/report/14. But so far it seems like there is some other issue which we have not yet gotten to the bottom of. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpouQCpY0reB.pgp Description: PGP signature
Re: How to use Google Gadgets with Tor? - Is this possible?
On Sat, Jan 15, 2011 at 7:02 PM, Mike Perry wrote: > > > You could also install an addon to observe the requests your browser > uses in both non-Tor and Tor accesses of this gadget to see if the > requests appear different for some reason. That may help diagnose the > cause: > https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ > https://addons.mozilla.org/en-US/firefox/addon/tamper-data/ > > On a side note, i had asked the group before about the google gadgets and whether if there is some security issue with using it wit TOR> I receive the response that it had not really been tested before. Should i understand its safe now?
Re: How to use Google Gadgets with Tor? - Is this possible?
On 15/01/11 19:02, Mike Perry wrote: Thus spake Matthew (pump...@cotse.net): To cut a long story short after having removed TorButton, NoScript, and HTTPS-Everywhere and therefore leaving just Tor I still cannot get Twitter to work from Gmail. I am using Firefox. The Twitter icon and drop-down box partially loads (but not as normal when I am not using Tor). Clicking on it appears to load some Twitter functions e.g. "transfering data from twittergadget.appspot.com" but Twitter does not load. Eventually all loading messages just stop and the screen stays as Gmail. I've noticed that some mashup services mysteriously break when Google decides to give them/you a captcha. This could be happening to you. You could try to solve a google captcha by issuing some queries and/or using Google maps first, to see if this makes any difference. Usually once you have the cookies for a session that solves a captcha, Google does not make you solve another. Mike - thanks for your advice. This is not an issue for me. I do not get a captcha. You could also install an addon to observe the requests your browser uses in both non-Tor and Tor accesses of this gadget to see if the requests appear different for some reason. That may help diagnose the cause: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ I installed this add-on. I wiped my cache and cookies and used the headers and generator tabs with just Polipo and Tor running (no TorButton, NoScript, etc). Then I logged into Gmail and waited until everything fully loaded then clicked the Twitter icon and waited until Twitter fully loaded (although as mentioned one does not see the Twitter screen when using Tor). There were two "warnings" from the headers that looked like this: Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Set-Cookie: PHPSESSID=crm7nfld6en7aei64tnhmkif72; path=/ Pragma: no-cache Content-Type: text/html; charset=UTF-8 Age: 1 Connection: keep-alive Warning: 110 localhost:8118 Object is stale These warnings did not appear in the headers when doing the same action in a non-Tor state. I can only find this exact text once and it does not refer to Tor: http://www.visualwebripper.com/forum/yaf_postst223_Add-option-to-change-the-request-header-on-link-templates-input-data-etc-.aspx The HTTP-headers addon generated 120K of text from the "headers" and "generator" tabs simply from attempting to load Twitter with Tor. Therefore there may well be other content of interest which I did not notice but the two warnings were the most overt. Any ideas? Thanks! https://addons.mozilla.org/en-US/firefox/addon/tamper-data/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to use Google Gadgets with Tor? - Is this possible?
Thus spake Matthew (pump...@cotse.net): > To cut a long story short after having removed TorButton, NoScript, and > HTTPS-Everywhere and therefore leaving just Tor I still cannot get Twitter > to work from Gmail. I am using Firefox. > > The Twitter icon and drop-down box partially loads (but not as normal when > I am not using Tor). Clicking on it appears to load some Twitter functions > e.g. "transfering data from twittergadget.appspot.com" but Twitter does not > load. Eventually all loading messages just stop and the screen stays as > Gmail. I've noticed that some mashup services mysteriously break when Google decides to give them/you a captcha. This could be happening to you. You could try to solve a google captcha by issuing some queries and/or using Google maps first, to see if this makes any difference. Usually once you have the cookies for a session that solves a captcha, Google does not make you solve another. You could also install an addon to observe the requests your browser uses in both non-Tor and Tor accesses of this gadget to see if the requests appear different for some reason. That may help diagnose the cause: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ https://addons.mozilla.org/en-US/firefox/addon/tamper-data/ -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpeLNswVxLSQ.pgp Description: PGP signature
How to use Google Gadgets with Tor? - Is this possible?
This post is similar to the problems people have been having with cookies and Gmail when using TorButton. In this case within Gmail I enabled "add any gadget by URL" and then added Twitter (https://twittergadget.appspot.com/gadget-gmail.xml). Without Tor when I click on the Twitter icon the Twitter feed appears in place of whatever Gmail folder I was currently browsing. (This happens once I have logged in to Twitter for the first time and therefore connected the accounts). To cut a long story short after having removed TorButton, NoScript, and HTTPS-Everywhere and therefore leaving just Tor I still cannot get Twitter to work from Gmail. I am using Firefox. The Twitter icon and drop-down box partially loads (but not as normal when I am not using Tor). Clicking on it appears to load some Twitter functions e.g. "transfering data from twittergadget.appspot.com" but Twitter does not load. Eventually all loading messages just stop and the screen stays as Gmail. The only about:config entry about Twitter is extensions.https_everywhere.Twitter which is presumably irrelevant if I have removed HTTPS-Everywhere. Can anyone suggest what modifications are needed to achieve a workaround or if what I am trying to do is not viable. Thanks.