Tor and Javascript

Discussion in 'privacy technology' started by idontknowtech, Feb 7, 2007.

Thread Status:
Not open for further replies.
  1. idontknowtech

    idontknowtech Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    23
    Whenever I go to a site that has javascript (i.e. a video), the javascript is disabled by Tor. How do I change that? Should I?
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Tor does not affect Javascript - most likely you have configured Privoxy to do so (if you are using its default settings, this is the most likely cause - try Kye-U's instructions and configuration file here). Also check any other filters that you are using.

    Javascript is best disabled by default since, at the very least, it allows a malicious website to encrypt its content to slip past any online web scanners that your AV software or firewall may offer. Most sites are unaffected by having it disabled but using a filter that allows you to enable it easily (NoScript for Firefox being a good example) for those that are will make life easier.
     
  3. Benjie

    Benjie Registered Member

    Joined:
    Feb 11, 2007
    Posts:
    1
    Sorry P2K, with absolutely no disrespect, but that forum requires registration and cookies to access the privoxy configuration file you've alluded to in your post. Which every person who wishes to download it from here would have to do. Besides wouldn't the fact that both registration & *cookies* are required to log in compromise one's privacy? And wouldn't it have been easier just to post here the configuration - as I recall you've done sometime before. Excuse me but I do indeed recall that you already posted a better configuration for privoxy than the default sample one, but I'm having to go through alot of your old posts to find it.... Anyway would very much appreciate please if you could post again same.


    Many many thanks if you would post here a better configuation than privoxy's default!
     
  4. idontknowtech

    idontknowtech Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    23
    Hi guys... I should have specified, I'm using Firefox and it is Flash that cannot be played. If I'm on a site like youtube, the videos won't play -- even after I have downloaded the suggested PlugIn. What can I do about this so that Flash works with Tor?
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well, if Kye-U requires registration to access downloads, that is his right to decide (bear in mind that offering downloads requires more bandwidth, so registration may simply be a means to preventing excessive leeching). In terms of privacy, there should be little difference between registering there or here - allowing cookies (especially third party ones) by default is the main privacy threat.
    You presumably refer to this post which I made when Kye-U's forum was down. Note that the configuration was Kye-U's work, not mine. ;)
     
  6. johnhorner

    johnhorner Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    7
    I hate to spill the beans, but it is extremely difficult to watch flash movies anonymously. That P2K didn't notice this speaks wonders about him. Flash is actually by far the easiest method of obtaining a tor user's real ip address. See www.fortconsult.net/images/pdf/tpr_100506.pdf and www.fortconsult.net/images/pdf/Practical_Onion_Hacking.pdf for a few of many examples of this.

    As Paranoid2000 has been kind enough to point out to me and others personally, you really do need to firewall your browser. After doing that please tell me if that ruins flash or not. I am thinking one way to view flash videos would be to use one of those flash-downloading browser plugins. After the movies have downloaded, perhaps you can then disconnect from the internet and watch your stuffs.

    But if you think you can surf anonymously, you are in for a rude awakening.

    John
     
    Last edited: Feb 17, 2007
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Nothing special here. While the PDF files are interesting, the first document states "One simple possibility for unmasking a Tor client is simply to get a shockwave flash file to play in a suspects machine, thereby executing a command causing it to connect out – BYPASSING TOR!" This means it is no different from Java applets - it can only work if you allow Flash to connect directly to the Internet. Indeed the document notes this with: "A user running a host-based firewall allowing outbound connections on a per-application basis might not be affected by this." and "It only affects Internet Explorer users, not Firefox users, presumably due to different Java engines being in use." Those wishing anonymity online cannot rely on Tor alone, but have to use a firewall and web-filtering in conjunction with it.

    A slightly greater concern with Flash is potential abuse of its local storage option (aka "Flash cookie") which is enabled by default - see Adobe: How to manage and disable Local Shared Objects for details on disabling this.

    It is however a bad idea to view videos via Tor because of the bandwidth demands involved (multiplied by four due to routing it via 3 nodes - which you are asking volunteers to carry) and the lower speed. In addition, pushing large volumes of traffic through Tor makes it slower for everyone else.
     
Loading...
Thread Status:
Not open for further replies.