tor with ff js enabled still bleeding: http://www.codeproject.com/Questions/589062/HowplustoplusgetplusClientplusIpplusAddressplusand
2014-04-14 19:48 GMT+02:00 Randolph <[email protected]>: > another torbleed: > > http://stackoverflow.com/questions/391979/get-client-ip-using-just-javascript > http://en.wikipedia.org/wiki/JavaScript#Security > > > 2014-04-14 19:44 GMT+02:00 Randolph <[email protected]>: > > >> http://stackoverflow.com/questions/371875/local-file-access-with-javascript >> >> then firefox with javascript enabled is a torbleed. >> >> >> 2014-04-14 15:46 GMT+02:00 Gerardus Hendricks <[email protected]>: >> >> On 4/13/14 9:20 PM, Randolph wrote: >>> >>>> Anonymity is quite easily broken, if cookies cannot managed (e.g. like >>>> in certain browsers) and if javascript is enabled. As far as we see, >>>> Firefox in the Tor bundle disables javascript, right? >>>> Javascript allows to access the local IP address and files, which host >>>> the >>>> local IP address. That`s why Tor and Javascript do not go together. >>>> >>> >>> The Tor Browser Bundle does not disable Javascript by default. You can >>> easily disable it by clicking the NoScript button at the left side of the >>> address bar, and clicking 'Disallow all' (or something like that) >>> >>> Javascript doesn't reveal your "local IP address and files". >>> -- >>> tor-talk mailing list - [email protected] >>> To unsubscribe or change other settings go to >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >>> >> >> > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
