Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Conversation occured around 6:45 EST, April 7, 2012, regarding Javascript. 4eiruntyxxbgfv7o.onion:6667 #torchan. Completely unedited for the duration of the discussion.
- <Nekro> So, as quick question, can someone exploit a weakly-defended site to exploit you?
- <Nekro> Or do the malicious site owners have to make an active effort to do it?
- <fancycakes> Wait
- <Nekro> I want to make a permanent exception for Tormail's Roundcube to allow JS for NoScript
- <fancycakes> Is it the use who's exploiting vulnerabilities, or is it the webmaster exploiting browser vulnerabilities?
- <fancycakes> *user
- <Nekro> webmaster
- <fancycakes> Um.
- <Nekro> Or user, for that matter. If he manages to somehow do something to the page
- <fancycakes> The Tor Project has said recently that banning JS with TBB is less secure/anonymous than having all JS allowed.
- <fancycakes> Having JS disabled is easier to associate with certain visitors than those who allow all JS.
- <Nekro> So it's actually [i]better[/i] to always have JS enabled?
- <Corsair> Profiling people based off of their JS status?
- <Nekro> Fail italics
- <fancycakes> It is better to have JS allowed.
- <Nekro> That's a total mindfuck
- <Corsair> agreed..
- <fancycakes> I should say it's more anonymous
- <fancycakes> You still should watch out for malicious JS.
- <Nekro> Until someone manages to exploit the JS into revealing your IP :P
- <Nekro> Can I throw this whole conversation up on a Pastebin for the future or no? Because this is a whole new revelation for me
- <Corsair> Still doesn't seem right
- * vorbidd (vorbidd@OnionNet) has joined #torchan
- <vorbidd> o/
- <Corsair> \o
- <fancycakes> The Tor Project released a blogpost about it.
- <Nekro> Huh, I'll look into it
- _________________________________________________________________________________________________________
- Still haven't found anything regarding the Tor Blog stating that Javascript actually *helps* your privacy. If anyone finds anything, report back. This is an interesting new relevation to the subject matter of anonymity. Send me the letter if you discover something new and I'll update this page in the future on the findings.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement