Message-ID: <53D518F6.9090704@gmx.com>
Date: Sun, 27 Jul 2014 10:21:26 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] User views on lesser of 2 evils_Tor FAQ on using
 java script

On 7/27/2014 2:08 AM, grarpamp wrote:
> On Sat, Jul 26, 2014 at 3:26 PM, Joe Btfsplk <joebtfsplk@gmx.com> wrote:
>> How do some more advanced Tor users feel about pros & cons of leaving
>> JavaScript constantly enabled or selectively enabling it?
> The risk of any potential leak of real IP or actual user data
> (not just meta browser environment data) is overriding consideration.
> Much more than any js on/off matrix leak to some observing
> exit or multi-hosting webserver (which are fringe cases to begin with).
How do we know for a fact that observing exits (even several or many, 
operated by one entity) or multiple sites operated by one entity are 
"fringe cases?"
They may not be the gov't or NSA / GCHQ, but plenty of large, 3rd party 
trackers monitor 1000's of sites.

And if they have certain information, then for sure it's available to 
gov'ts (if only by theft) & possibly to others, especially at the right 
price.
This type of thing is no longer conspiracy theory.
> Sandbox your apps, keep your user data minimal and compartmented,
> manage your stored profiles/dotdirs and sessions. Do that and all this
> talk of javascript, java, flash, dom, cookies, canvas, etc... generally
> approaches moot. This doesn't mean they should be ignored, but
> that in the big picture, there are bigger concepts to grasp first.
Assuming that all works & doesn't have as many pitfalls as JavaScript 
itself, the overall methods are likely beyond most users.
Beyond their ability & available time.  Beyond their ability to do all 
of what you mention and not make a mistake.

Unless Tor Project just sadly accepts that most users can't accurately 
carry out such practices (so don't bring it up at all), they don't seem 
to think it's important.

Unless there were very detailed, step-by-step instructions for how to do 
things you mention (possibly many more), not many could carry them out & 
*never* make a mistake.

