Am I dumb?

Discussion in 'privacy technology' started by zero_Phil, Sep 29, 2014.

  1. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    Hmm, so I've been trying to set up a 'safe' email account using Tor. They all require Javascript to be enabled either to sign up for a new account or for an account to actually function. Duh! Doesn't Javascript reveal your real IP address thus negating the whole purpose of using safe email? Am I wrong? Am I missing something? Am I dumb? Answers on a postcard please.
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Most likely, you are still safe. However, you might look at using a browsing-only VM that routes all traffic through TOR; this way there is no danger that your real IP might leak.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    No, Javascript doesn't do that, by itself anyway. But there have been Javascript bugs that allowed websites to push malware that did that. As Nebulus notes, it's best to work in a VM that can only reach the Internet through Tor. Even if the VM gets hosed, it can't leak the host machine's public IP address. The easiest way to do that is to use Whonix.
     
  4. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    Thanks, Nebulus and Mirimir. I'll look into Whonix and see if I feel confident about setting it up without making a hash of it!
     
Loading...