another q about TOR

personguy666 · #1 April 13th, 2012, 05:09 PM

ok i was using the latest browser bundle (TOR) when i accidentally put cursor over the noscript (i think) button @ top left corner and it gave me a popup menu option: forbid scripts globally (advised)
normally (w/ default torbundle settings) this option is not used.
does that mean there are ip leaks?
or is the browser autoconfigured to block some scripts and allow others (ie js)

personguy666 · #2 April 13th, 2012, 06:51 PM

um...bump?

CasperFace · #3 April 13th, 2012, 07:50 PM

JavaScript (by itself) cannot leak your IP address, so it's a non-issue. Whether you want to allow scripts globally, deny, or allow selectively is entirely up to you... based on your personal preferences.

With regard to IP leaks, the main area of concern should be to keep your browser plugins under control. That includes Java (applets, not JavaScript), Flash, ActiveX, Silverlight, etc. As long as those remain blocked, you will be fine.

If you want to avoid this hassle altogether, your best option would probably be to "socksify" your browser using a 3rd party application such as FreeCap, WideCap, SocksCap, Super Socks5Cap, or ProxyCap. That way, all browser activity--including plugins--are forced through Tor... which means you'll no longer have to worry about IP leakage.

personguy666 · #4 April 13th, 2012, 08:06 PM

thanks
another question i went on ip-check.info with tor bundle and the cache field was red.
can ip/real location leak thru cache?

CasperFace · #5 April 13th, 2012, 09:55 PM

Quote:

can ip/real location leak thru cache?

No. As long as your anonymous browser profile remains separate from your real-identity profile, there is no possibility for leaks. Cached E-Tags are similar to cookies, in that it's just another way for remote sites to remember you. This may be of concern from a privacy standpoint, but it won't break your anonymity.

personguy666 · #6 April 22nd, 2012, 02:06 PM

but cookies/cache don't transfer between browsers (ie chrome and firefox w/ tor) right?

marktor · #7 April 22nd, 2012, 07:25 PM

Quote:

Originally Posted by personguy666

but cookies/cache don't transfer between browsers (ie chrome and firefox w/ tor) right?

Right. If you are using the tor browser bundle the cookies/cache you have in chrome and IE should not matter. Though personally I would just keep those clear as well.

personguy666 · #8 April 22nd, 2012, 08:42 PM

oh thanks.
also when i go on ip-check.info it says that it's bad that i have lots of fonts on my computer.
can the font# really be used to find your real ip address? how does that work?

CasperFace · #9 April 22nd, 2012, 09:36 PM

Quote:

Originally Posted by personguy666

oh thanks.
also when i go on ip-check.info it says that it's bad that i have lots of fonts on my computer.
can the font# really be used to find your real ip address?

No, it can't. In fact, I wouldn't worry about it at all. They're just pointing out a component of a theoretical attack known as "browser fingerprinting" which, in this case, has absolutely nothing to do with being able to pinpoint IP addresses. Keep in mind that while IP-check.info is a useful tool, ultimately they want to sell you their product... so naturally some of those "warnings" tend to be greatly exaggerated.

personguy666 · #10 April 23rd, 2012, 05:13 PM

Quote:

Originally Posted by marktor

Right. If you are using the tor browser bundle the cookies/cache you have in chrome and IE should not matter. Though personally I would just keep those clear as well.

but they do matter in regular firefox browser right? if you have a different regular firefox

CasperFace · #11 April 23rd, 2012, 10:40 PM

Quote:

Originally Posted by personguy666

but they do matter in regular firefox browser right? if you have a different regular firefox

If you have two different Firefox browsers (let's say one 'regular' FF and one Tor Browser) then each one will have its own separate cache/cookies directory. Since the profiles are totally independent of one another, there is no possibility of cross-contamination while browsing.

Only your plugin directories (Flash cache, Sun Java cache, etc.) are shared between multiple browser instances.

lotuseclat79 · #12 April 24th, 2012, 01:53 PM

Quote:

Originally Posted by personguy666

ok i was using the latest browser bundle (TOR) when i accidentally put cursor over the noscript (i think) button @ top left corner and it gave me a popup menu option: forbid scripts globally (advised)
normally (w/ default torbundle settings) this option is not used.
does that mean there are ip leaks?
or is the browser autoconfigured to block some scripts and allow others (ie js)

Hi personguy666,

You should always forbid scripts globally with NoScript, and then selectively allow them to view the contents of web pages which rely on Javascript being allowed to see content - but, not globally.

-- Tom

personguy666 · #13 April 24th, 2012, 04:05 PM

^why isn't that the default setting for tor??

lotuseclat79 · #14 April 25th, 2012, 06:29 AM

Hi personguy666,

It is a NoScript (Options)>General setting which is a Firefox add-on - i.e. it is not a part of Tor. If you check in your FF browser NoScript (Options)>General settings you should see that Scripts Globally Allowed (dangeroous) is NOT checked, i.e. then it is being enforced and is a default setting when used with Tor.

-- Tom

personguy666 · #15 April 25th, 2012, 03:50 PM

that is true
but "globally blocked" isn't checked either i think.
will my ip leak if i leave it that way??

lotuseclat79 · #16 April 25th, 2012, 05:43 PM

Globally blocked is not an option, but it means the same as an unchecked Globally Allowed.

-- Tom

personguy666 · #17 April 25th, 2012, 08:21 PM

ok the option is "forbid scripts globally".
and it is not used by default

lotuseclat79 · #18 April 26th, 2012, 07:43 AM

When you say "forbid scripts globally" if that description is not in NoScript, then in what software/version number? Are you talking about a specific version of Firefox or the Tor browser bundle? If so, then what is its name and version number?

-- Tom

personguy666 · #19 April 26th, 2012, 04:52 PM

it's next to the green onion button next to the forward back buttons
in top left corner of torbrowser...

lotuseclat79 · #20 April 26th, 2012, 05:01 PM

What I asked you was what software/version - you said Torbrowser. What version of the Torbrowser - is it Firefox version 10, 10.2, 11,...? Are you using a Torbrowser bundle? If you right-click "it" does it give you an options list for a Firefox add-on? If so, it should allow you to check "forbid scripts globally" to set it as the default. Hopefully, what you are talking about is the NoScript Firefox add-on.

Also, perchance, are you on a Windows platform?

The reason I ask is that I do not use the Tor Browserbundle, I use TAILS from a Live USB which uses Iceweasel, a Firefox derivative with NoScript. It so happens to be in a Linux Debian environment.

-- Tom

personguy666 · #21 April 26th, 2012, 05:47 PM

using the latest tor bundle.

personguy666 · #22 May 2nd, 2012, 07:22 PM

could i get an answer?
all torbundle settings are default

chronomatic · #23 May 2nd, 2012, 07:45 PM

Quote:

Originally Posted by CasperFace

If you want to avoid this hassle altogether, your best option would probably be to "socksify" your browser using a 3rd party application such as FreeCap, WideCap, SocksCap, Super Socks5Cap, or ProxyCap. That way, all browser activity--including plugins--are forced through Tor... which means you'll no longer have to worry about IP leakage.

If I am not mistaken, the Tor browser bundle does this by default. Someone correct me if I am wrong.

personguy666 · #24 May 2nd, 2012, 07:52 PM

block all scripts by default it does not apparently.
like i said theres a noscript button in left upper corner.

personguy666 · #25 May 5th, 2012, 04:48 PM

<bump>
https://trac.torproject.org/projects/tor/ticket/3007
this is what the official site says.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search