Tor and Javascript

Nekro Apr 7th, 2012 776 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Conversation occured around 6:45 EST, April 7, 2012, regarding Javascript. 4eiruntyxxbgfv7o.onion:6667 #torchan. Completely unedited for the duration of the discussion.
  3. <Nekro> So, as quick question, can someone exploit a weakly-defended site to exploit you?
  4. <Nekro> Or do the malicious site owners have to make an active effort to do it?
  5. <fancycakes> Wait
  6. <Nekro> I want to make a permanent exception for Tormail's Roundcube to allow JS for NoScript
  7. <fancycakes> Is it the use who's exploiting vulnerabilities, or is it the webmaster exploiting browser vulnerabilities?
  8. <fancycakes> *user
  9. <Nekro> webmaster
  10. <fancycakes> Um.
  11. <Nekro> Or user, for that matter. If he manages to somehow do something to the page
  12. <fancycakes> The Tor Project has said recently that banning JS with TBB is less secure/anonymous than having all JS allowed.
  13. <fancycakes> Having JS disabled is easier to associate with certain visitors than those who allow all JS.
  14. <Nekro> So it's actually [i]better[/i] to always have JS enabled?
  15. <Corsair> Profiling people based off of their JS status?
  16. <Nekro> Fail italics
  17. <fancycakes> It is better to have JS allowed.
  18. <Nekro> That's a total mindfuck
  19. <Corsair> agreed..
  20. <fancycakes> I should say it's more anonymous
  21. <fancycakes> You still should watch out for malicious JS.
  22. <Nekro> Until someone manages to exploit the JS into revealing your IP :P
  23. <Nekro> Can I throw this whole conversation up on a Pastebin for the future or no? Because this is a whole new revelation for me
  24. <Corsair> Still doesn't seem right
  25. * vorbidd (vorbidd@OnionNet) has joined #torchan
  26. <vorbidd> o/
  27. <Corsair>               \o
  28. <fancycakes> The Tor Project released a blogpost about it.
  29. <Nekro> Huh, I'll look into it
  31. _________________________________________________________________________________________________________
  33. Still haven't found anything regarding the Tor Blog stating that Javascript actually *helps* your privacy. If anyone finds anything, report back. This is an interesting new relevation to the subject matter of anonymity. Send me the letter if you discover something new and I'll update this page in the future on the findings.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand