Delivery-Date: Sun, 27 Jul 2014 03:12:05 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 1FA981E02C2
	for <archiver@seul.org>; Sun, 27 Jul 2014 03:12:04 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id DFB562F9C1;
	Sun, 27 Jul 2014 07:11:57 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7E49D2E731
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 07:08:38 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id raQLvHogTCux for <tor-talk@lists.torproject.org>;
 Sun, 27 Jul 2014 07:08:38 +0000 (UTC)
Received: from mail-vc0-x230.google.com (mail-vc0-x230.google.com
 [IPv6:2607:f8b0:400c:c03::230])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 5BC7F2E4B5
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 07:08:38 +0000 (UTC)
Received: by mail-vc0-f176.google.com with SMTP id id10so9484289vcb.21
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 00:08:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=6vmnNLNHzCyZ32tnrSu7Rf1UDJtIx4GtxZ/7WuFAbMk=;
 b=05uRwtye7LquxWRbcqSjM6lopt45GZIhaHTnz8M7vbWnMJ+Oonph+zLASkOtRZ7izp
 jhCYe8oXfw6FSyHe4KR/TPCYcEZt4lktTK6/1XDQupcF/+JMF3Ye6XrtJgP8/ViaByBT
 MUO87ChdXAUv7f14ASs+BSsk1o3hrQcKKx6A8D8jtv4/ljbakIT3OwCO26KFUfsL5r1c
 pOa7VmOFmu2gNUV66bWd5cjCWOuRAitguUme/1UeLjyUagjH2VM1NHWJLsSZtBcicj09
 UJiNT7oQIQewxzpTGWm1f4UJQAvsbpIPCucgqL1I4xAlIkQgpo5xVaHwmA6uRVCx+aVP
 zSxQ==
MIME-Version: 1.0
X-Received: by 10.53.13.200 with SMTP id fa8mr4747749vdd.57.1406444915853;
 Sun, 27 Jul 2014 00:08:35 -0700 (PDT)
Received: by 10.221.65.131 with HTTP; Sun, 27 Jul 2014 00:08:35 -0700 (PDT)
In-Reply-To: <53D400DA.6070203@gmx.com>
References: <53D400DA.6070203@gmx.com>
Date: Sun, 27 Jul 2014 03:08:35 -0400
Message-ID: <CAD2Ti2-6-1kRZac=7WWtHw9U5q6fQYAvVePSuk0bXBBRO4sVog@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] User views on lesser of 2 evils_Tor FAQ on using
	java script
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Sat, Jul 26, 2014 at 3:26 PM, Joe Btfsplk <joebtfsplk@gmx.com> wrote:
> How do some more advanced Tor users feel about pros & cons of leaving java
> script constantly enabled or selectively enabling it?

The risk of any potential leak of real IP or actual user data
(not just meta browser environment data) is overriding consideration.
Much more than any js on/off matrix leak to some observing
exit or multi-hosting webserver (which are fringe cases to begin with).

Sandbox your apps, keep your user data minimal and compartmented,
manage your stored profiles/dotdirs and sessions. Do that and all this
talk of javascript, java, flash, dom, cookies, canvas, etc... generally
approaches moot. This doesn't mean they should be ignored, but
that in the big picture, there are bigger concepts to grasp first.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

