another q about TOR

Discussion in 'privacy technology' started by personguy666, Apr 13, 2012.

Thread Status:
Not open for further replies.
  1. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    ok i was using the latest browser bundle (TOR) when i accidentally put cursor over the noscript (i think) button @ top left corner and it gave me a popup menu option: forbid scripts globally (advised)
    normally (w/ default torbundle settings) this option is not used.
    does that mean there are ip leaks?
    or is the browser autoconfigured to block some scripts and allow others (ie js)
     
  2. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    um...bump?
     
  3. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    JavaScript (by itself) cannot leak your IP address, so it's a non-issue. Whether you want to allow scripts globally, deny, or allow selectively is entirely up to you... based on your personal preferences.

    With regard to IP leaks, the main area of concern should be to keep your browser plugins under control. That includes Java (applets, not JavaScript), Flash, ActiveX, Silverlight, etc. As long as those remain blocked, you will be fine.

    If you want to avoid this hassle altogether, your best option would probably be to "socksify" your browser using a 3rd party application such as FreeCap, WideCap, SocksCap, Super Socks5Cap, or ProxyCap. That way, all browser activity--including plugins--are forced through Tor... which means you'll no longer have to worry about IP leakage.
     
  4. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    thanks
    another question i went on ip-check.info with tor bundle and the cache field was red.
    can ip/real location leak thru cache?
     
  5. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    No. As long as your anonymous browser profile remains separate from your real-identity profile, there is no possibility for leaks. Cached E-Tags are similar to cookies, in that it's just another way for remote sites to remember you. This may be of concern from a privacy standpoint, but it won't break your anonymity.
     
  6. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    but cookies/cache don't transfer between browsers (ie chrome and firefox w/ tor) right?
     
  7. marktor

    marktor Registered Member

    Joined:
    Dec 4, 2011
    Posts:
    143
    Right. If you are using the tor browser bundle the cookies/cache you have in chrome and IE should not matter. Though personally I would just keep those clear as well.
     
  8. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    oh thanks.
    also when i go on ip-check.info it says that it's bad that i have lots of fonts on my computer.
    can the font# really be used to find your real ip address? how does that work?
     
  9. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    No, it can't. In fact, I wouldn't worry about it at all. They're just pointing out a component of a theoretical attack known as "browser fingerprinting" which, in this case, has absolutely nothing to do with being able to pinpoint IP addresses. Keep in mind that while IP-check.info is a useful tool, ultimately they want to sell you their product... so naturally some of those "warnings" tend to be greatly exaggerated. :D
     
  10. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    but they do matter in regular firefox browser right? if you have a different regular firefox
     
  11. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    If you have two different Firefox browsers (let's say one 'regular' FF and one Tor Browser) then each one will have its own separate cache/cookies directory. Since the profiles are totally independent of one another, there is no possibility of cross-contamination while browsing.

    Only your plugin directories (Flash cache, Sun Java cache, etc.) are shared between multiple browser instances.
     
  12. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,564
    Hi personguy666,

    You should always forbid scripts globally with NoScript, and then selectively allow them to view the contents of web pages which rely on Javascript being allowed to see content - but, not globally.

    -- Tom
     
  13. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    ^why isn't that the default setting for tor??
     
  14. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,564
    Hi personguy666,

    It is a NoScript (Options)>General setting which is a Firefox add-on - i.e. it is not a part of Tor. If you check in your FF browser NoScript (Options)>General settings you should see that Scripts Globally Allowed (dangeroous) is NOT checked, i.e. then it is being enforced and is a default setting when used with Tor.

    -- Tom
     
  15. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    that is true
    but "globally blocked" isn't checked either i think.
    will my ip leak if i leave it that way??
     
  16. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,564
    Globally blocked is not an option, but it means the same as an unchecked Globally Allowed.

    -- Tom
     
  17. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    ok the option is "forbid scripts globally".
    and it is not used by default
     
  18. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,564
    When you say "forbid scripts globally" if that description is not in NoScript, then in what software/version number? Are you talking about a specific version of Firefox or the Tor browser bundle? If so, then what is its name and version number?

    -- Tom
     
  19. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    it's next to the green onion button next to the forward back buttons
    in top left corner of torbrowser...
     
  20. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,564
    What I asked you was what software/version - you said Torbrowser. What version of the Torbrowser - is it Firefox version 10, 10.2, 11,...? Are you using a Torbrowser bundle? If you right-click "it" does it give you an options list for a Firefox add-on? If so, it should allow you to check "forbid scripts globally" to set it as the default. Hopefully, what you are talking about is the NoScript Firefox add-on.

    Also, perchance, are you on a Windows platform?

    The reason I ask is that I do not use the Tor Browserbundle, I use TAILS from a Live USB which uses Iceweasel, a Firefox derivative with NoScript. It so happens to be in a Linux Debian environment.

    -- Tom
     
    Last edited: Apr 27, 2012
  21. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    using the latest tor bundle.
     
  22. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    could i get an answer?
    all torbundle settings are default
     
  23. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    If I am not mistaken, the Tor browser bundle does this by default. Someone correct me if I am wrong.
     
  24. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    block all scripts by default it does not apparently.
    like i said theres a noscript button in left upper corner.
     
  25. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
Thread Status:
Not open for further replies.