Re: New Bundle Version 1.3.10

2010-11-02 Thread Scott Bennett
 On Wed, 27 Oct 2010 10:22:07 + Erinn Clark er...@torproject.org
wrote:
* M moeedsa...@gmail.com [2010:10:16 18:48 +]:
 Why the switch to noscript? and link on the issue?

Hey there,

I am working on writing this up -- I sat down with Mike Perry, the Torbutton
developer, and we went over what each of the Firefox extensions added. It's not
in any kind of proper document yet, but here are my notes about the new
extensions so you aren't left hanging for too much longer:

HTTPS-Everywhere
- pre-emptively converts http URLs into https URLs for many popular
  sites that support https

NoScript
- majority of options are disabled

 Erinn, I'm not sure what you meant there.  Did you mean that NoScript
disables the majority of Firefox options?  Or that the majority of NoScript
options is disabled in this version of the bundle?

- allows users to globally toggle javascript
- provide click-to-play placeholders in the event that users want to set
  torbutton to enable plugins

 FWIW, I'd like to recommend also using QuickJava, which allows toggling
of Java and JavaScript individually.  In other words, allowing scripts in
NoScript allows one still to disable Java while leaving JavaScript enabled
if one so desires.  If scripts are disabled in NoScript, then clicking on
the QuickJava buttons has no effect.  I, for one, *never* want Java enabled
for anything, but in a very few cases, I do allow JavaScript to run.

BetterPrivacy
- exists only to delete flash cookies in the event that users allow
  plugins and run certain flash apps. it cleans up any data that flash
  might write outside of our control. (backup mechanism.)

I'll let you know when I have a fuller analysis available.

 Okay.  You might want to look through all the stuff on the NoScript
web pages to get a better understanding of the extensive list of pretty awful
leakages and attacks that NoScript can block.


  Scott Bennett, Comm. ASMELG, CFIAG
  Internet: bennett at cs.niu.edu

  A well regulated and disciplined militia, is at all times a good
  objection to the introduction of that bane of all free governments
  -- a standing army.
    -- Gov. John Hancock, New York Journal, 28 January 1790
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/


Re: New Bundle Version 1.3.10

2010-11-02 Thread Joe Btfsplk

On 11/2/2010 3:01 AM, Scott Bennett wrote:

  On Wed, 27 Oct 2010 10:22:07 + Erinn Clark er...@torproject.org
wrote:

NoScript
- majority of options are disabled

  Erinn, I'm not sure what you meant there.  Did you mean that NoScript
disables the majority of Firefox options?  Or that the majority of NoScript
options is disabled in this version of the bundle?

Not sure what was meant, but would it make * any * sense to include
NoScript & then disable most functionality of it?


On 11/2/2010 3:01 AM, Scott Bennett wrote:

  FWIW, I'd like to recommend also using QuickJava, which allows toggling
of Java and JavaScript individually.  In other words, allowing scripts in
NoScript allows one still to disable Java while leaving JavaScript enabled
if one so desires.

Huh?  It's early in AM, but which are you advocating - or both?

   If scripts are disabled in NoScript, then clicking on
the QuickJava buttons has no effect.

Others can weigh in on this:  In past, I've had conflicts running
QuickJava & Torbutton.  One prob was once toggled Torbutton off, & shut
down Tor, QuickJava didn't properly toggle plugins unless restarted
Firefox - * at minimum. *  Been a while, but may have had to uninstall /
reinstall QuickJava to restore functions.  Plan on trying it again.

   I, for one, *never* want Java enabled
for anything, but in a very few cases, I do allow JavaScript to run.

How do you get pages to work correctly - such as clicking links to d/l
files, if only allow JS on very few pages?  Seems to me, more trusted
sites than not require some JS to use the sites.  I'm curious, since you
said very few, not on trusted sites.

  Okay.  You might want to look through all the stuff on the NoScript
web pages to get a better understanding of the extensive list of pretty awful
leakages and attacks that NoScript can block.

Back to QuickJava & NoScript:  Aren't they overlapping - possibly
conflicts of using both?




Re: New Bundle Version 1.3.10

2010-10-27 Thread Erinn Clark
* M moeedsa...@gmail.com [2010:10:16 18:48 +]: 
 Why the switch to noscript? and link on the issue?

Hey there,

I am working on writing this up -- I sat down with Mike Perry, the Torbutton
developer, and we went over what each of the Firefox extensions added. It's not
in any kind of proper document yet, but here are my notes about the new
extensions so you aren't left hanging for too much longer:

HTTPS-Everywhere
- pre-emptively converts http URLs into https URLs for many popular
  sites that support https

NoScript
- majority of options are disabled
- allows users to globally toggle javascript
- provide click-to-play placeholders in the event that users want to set
  torbutton to enable plugins

BetterPrivacy
- exists only to delete flash cookies in the event that users allow
  plugins and run certain flash apps. it cleans up any data that flash
  might write outside of our control. (backup mechanism.)

I'll let you know when I have a fuller analysis available.

Thanks,
Erinn




New Bundle Version 1.3.10

2010-10-16 Thread zzzjethro666

 Hello.
I'm reposting this.

I've used Tor since 2005. Started with Mac and virtually no problems as long as 
I use it out of the box. Of course, I have since learned only a little bit 
more, like configuring Firefox, disabling plug-ins and keeping out extensions. 
I did try NoScript for a while and didn't like it.

Moved to Windows and use that mostly as the internet where I live is terrible. 
I go to internet cafes, all the computers are Windows, and the country in which 
I live blocks more sites than any other country. Now I've been told using a 
proxy here is illegal but I do anyway.

Well, I recently downloaded and extracted the USB Vidalia/Tor bundle version 
1.3.10. It came with NoScript. Is this correct? Well, Vidalia keeps crashing, 
usually won't open and when it does I get a Google captcha I cannot get past 
and have to start all over.
When I finally get past it, Tor/Vidalia crashes so it's hard to see what is in 
the logs. I tried at first just to look at the Network View 'cuz it was taking 
so long to open Firefox once Tor was open, and that wouldn't work either and 
finally crashed Vidalia/Tor again.

The options for NoScript are not really clear to me (I keep going over them 
though), and the icons don't seem to look the same as what is next to the 
Torbutton toggle and what it shows in the options window when clicked on. So, 
how do I disable or otherwise get rid of this NoScript, no want?

Why, by the way, is this part of Tor now, rather than an option one can opt out 
of? I mean, is this supposed to be the new version and has anyone else had this 
sort of problem?

I stopped using NoScript because I had found information that it could change 
settings in Privoxy I think, without a client knowing this, so I thought it 
prudent to be safe, rather than tricked up with bells and whistles like new and 
neat looking icons in my browser.

Wish I knew someone in this country who really is a tech and knows Tor to learn 
from.

Thanks for any help, words of advice or just some vice. That would be nice:)
 




Re: New Bundle Version 1.3.10

2010-10-16 Thread andrew
On Sat, Oct 16, 2010 at 10:00:07AM -0400, zzzjethro...@email2me.net wrote 5.1K 
bytes in 137 lines about:
: Well, I recently downloaded and extracted the USB Vidalia/Tor bundle version 
1.3.10. It came with NoScript. Is this correct? Well, Vidalia keeps crashing, 
usually won't open and when it does I get a Google captcha I cannot get past 
and have to start all over.

Yes, this is correct.  Vidalia crashing is unrelated to Firefox and
noscript.  Opening a bug about the vidalia crashes would be good.

: The options for NoScript are not really clear to me (I keep going over them 
though), and the icons don't seem to look the same as what is next to the 
Torbutton toggle and what it shows in the options window when clicked on. So, 
how do I disable or otherwise get rid of this NoScript, no want?

In general, we try to set conservative options so the bundle is safe by
default.   A document describing the options included and why they were
set to a value would be fantastic.  I opened a ticket about this,
https://trac.torproject.org/projects/tor/ticket/2078


-- 
Andrew
pgp 0x31B0974B


Re: New Bundle Version 1.3.10

2010-10-16 Thread M
Why the switch to noscript? and link on the issue?

On Sat, Oct 16, 2010 at 6:26 PM, and...@torproject.org wrote:

 On Sat, Oct 16, 2010 at 10:00:07AM -0400, zzzjethro...@email2me.net wrote
 5.1K bytes in 137 lines about:
 : Well, I recently downloaded and extracted the USB Vidalia/Tor bundle
 version 1.3.10. It came with NoScript. Is this correct? Well, Vidalia keeps
 crashing, usually won't open and when it does I get a Google captcha I
 cannot get past and have to start all over.

 Yes, this is correct.  Vidalia crashing is unrelated to Firefox and
 noscript.  Opening a bug about the vidalia crashes would be good.

 : The options for NoScript are not really clear to me (I keep going over
 them though), and the icons don't seem to look the same as what is next to
 the Torbutton toggle and what it shows in the options window when clicked
 on. So, how do I disable or otherwise get rid of this NoScript, no want?

 In general, we try to set conservative options so the bundle is safe by
 default.   A document describing the options included and why they were
 set to a value would be fantastic.  I opened a ticket about this,
 https://trac.torproject.org/projects/tor/ticket/2078


 --
 Andrew
 pgp 0x31B0974B