another q about TOR

Discussion in 'privacy technology' started by personguy666, Apr 13, 2012.

Thread Status:
Not open for further replies.
  1. personguy666
    Offline

    personguy666 Registered Member

    ok i was using the latest browser bundle (TOR) when i accidentally put cursor over the noscript (i think) button @ top left corner and it gave me a popup menu option: forbid scripts globally (advised)
    normally (w/ default torbundle settings) this option is not used.
    does that mean there are ip leaks?
    or is the browser autoconfigured to block some scripts and allow others (ie js)
  2. personguy666
    Offline

    personguy666 Registered Member

  3. CasperFace
    Offline

    CasperFace Registered Member

    JavaScript (by itself) cannot leak your IP address, so it's a non-issue. Whether you want to allow scripts globally, deny, or allow selectively is entirely up to you... based on your personal preferences.

    With regard to IP leaks, the main area of concern should be to keep your browser plugins under control. That includes Java (applets, not JavaScript), Flash, ActiveX, Silverlight, etc. As long as those remain blocked, you will be fine.

    If you want to avoid this hassle altogether, your best option would probably be to "socksify" your browser using a 3rd party application such as FreeCap, WideCap, SocksCap, Super Socks5Cap, or ProxyCap. That way, all browser activity--including plugins--are forced through Tor... which means you'll no longer have to worry about IP leakage.
  4. personguy666
    Offline

    personguy666 Registered Member

    thanks
    another question i went on ip-check.info with tor bundle and the cache field was red.
    can ip/real location leak thru cache?
  5. CasperFace
    Offline

    CasperFace Registered Member

    No. As long as your anonymous browser profile remains separate from your real-identity profile, there is no possibility for leaks. Cached E-Tags are similar to cookies, in that it's just another way for remote sites to remember you. This may be of concern from a privacy standpoint, but it won't break your anonymity.
  6. personguy666
    Offline

    personguy666 Registered Member

    but cookies/cache don't transfer between browsers (ie chrome and firefox w/ tor) right?
  7. marktor
    Offline

    marktor Registered Member

    Right. If you are using the tor browser bundle the cookies/cache you have in chrome and IE should not matter. Though personally I would just keep those clear as well.
  8. personguy666
    Offline

    personguy666 Registered Member

    oh thanks.
    also when i go on ip-check.info it says that it's bad that i have lots of fonts on my computer.
    can the font# really be used to find your real ip address? how does that work?
  9. CasperFace
    Offline

    CasperFace Registered Member

    No, it can't. In fact, I wouldn't worry about it at all. They're just pointing out a component of a theoretical attack known as "browser fingerprinting" which, in this case, has absolutely nothing to do with being able to pinpoint IP addresses. Keep in mind that while IP-check.info is a useful tool, ultimately they want to sell you their product... so naturally some of those "warnings" tend to be greatly exaggerated. :D
  10. personguy666
    Offline

    personguy666 Registered Member

    but they do matter in regular firefox browser right? if you have a different regular firefox
  11. CasperFace
    Offline

    CasperFace Registered Member

    If you have two different Firefox browsers (let's say one 'regular' FF and one Tor Browser) then each one will have its own separate cache/cookies directory. Since the profiles are totally independent of one another, there is no possibility of cross-contamination while browsing.

    Only your plugin directories (Flash cache, Sun Java cache, etc.) are shared between multiple browser instances.
  12. lotuseclat79
    Offline

    lotuseclat79 Registered Member

    Hi personguy666,

    You should always forbid scripts globally with NoScript, and then selectively allow them to view the contents of web pages which rely on Javascript being allowed to see content - but, not globally.

    -- Tom
  13. personguy666
    Offline

    personguy666 Registered Member

    ^why isn't that the default setting for tor??
  14. lotuseclat79
    Offline

    lotuseclat79 Registered Member

    Hi personguy666,

    It is a NoScript (Options)>General setting which is a Firefox add-on - i.e. it is not a part of Tor. If you check in your FF browser NoScript (Options)>General settings you should see that Scripts Globally Allowed (dangeroous) is NOT checked, i.e. then it is being enforced and is a default setting when used with Tor.

    -- Tom
  15. personguy666
    Offline

    personguy666 Registered Member

    that is true
    but "globally blocked" isn't checked either i think.
    will my ip leak if i leave it that way??
  16. lotuseclat79
    Offline

    lotuseclat79 Registered Member

    Globally blocked is not an option, but it means the same as an unchecked Globally Allowed.

    -- Tom
  17. personguy666
    Offline

    personguy666 Registered Member

    ok the option is "forbid scripts globally".
    and it is not used by default
  18. lotuseclat79
    Offline

    lotuseclat79 Registered Member

    When you say "forbid scripts globally" if that description is not in NoScript, then in what software/version number? Are you talking about a specific version of Firefox or the Tor browser bundle? If so, then what is its name and version number?

    -- Tom
  19. personguy666
    Offline

    personguy666 Registered Member

    it's next to the green onion button next to the forward back buttons
    in top left corner of torbrowser...
  20. lotuseclat79
    Offline

    lotuseclat79 Registered Member

    What I asked you was what software/version - you said Torbrowser. What version of the Torbrowser - is it Firefox version 10, 10.2, 11,...? Are you using a Torbrowser bundle? If you right-click "it" does it give you an options list for a Firefox add-on? If so, it should allow you to check "forbid scripts globally" to set it as the default. Hopefully, what you are talking about is the NoScript Firefox add-on.

    Also, perchance, are you on a Windows platform?

    The reason I ask is that I do not use the Tor Browserbundle, I use TAILS from a Live USB which uses Iceweasel, a Firefox derivative with NoScript. It so happens to be in a Linux Debian environment.

    -- Tom
    Last edited: Apr 27, 2012
  21. personguy666
    Offline

    personguy666 Registered Member

    using the latest tor bundle.
  22. personguy666
    Offline

    personguy666 Registered Member

    could i get an answer?
    all torbundle settings are default
  23. chronomatic
    Offline

    chronomatic Registered Member

    If I am not mistaken, the Tor browser bundle does this by default. Someone correct me if I am wrong.
  24. personguy666
    Offline

    personguy666 Registered Member

    block all scripts by default it does not apparently.
    like i said theres a noscript button in left upper corner.
  25. personguy666
    Offline

    personguy666 Registered Member

Thread Status:
Not open for further replies.