On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplk <joebtfs...@gmx.com> wrote: > Isn't this approach very much a double edged sword? From the link: >> >> However, we recommend that even users who know how to use NoScript leave >> JavaScript enabled if possible, because a website or exit node can easily >> distinguish users who disable JavaScript from users who use Tor Browser >> bundle with its default settings (thus users who disable JavaScript are less >> anonymous). > > It may be true that changing settings makes one's profile different, but > from all I've ever read, java script is responsible for more malicious > browser attacks than anything. That's not so good.
Javascript atacks are, however, out of the scope for anonymity research. The anonymity set reduction above, while purely theoretical and of no practical significance, is in that scope. It's a typical case of project focus shifting priorities to user's disadvantage. Moreover, if many users turn Javascript off often, it is quite possible that turning it off offers more (theoretical) anonymity due to the possibility of fingerprinting users' browser versions by browsers' respective Javascript quirks. > Can someone explain to non-Tor network experts in layman's terms (25 words > or < ) :D, what exactly some one / entity HAS to be able to do in order to > profile that Joe has java script disabled, & then be able to tie it to MY > (dynamic) IP address - at * that * moment (an address that could change > anytime), or to me physically, sitting here at 123 Oak St., Bumfk, ND? It is not possible — anonymity set reduction only shifts your anonymity towards pseudonymity. I would guess that most browser users do not need true anonymity, however, and are fine with pseudonymity. > Then, what are the REAL world odds that out of all the exit nodes traffic, > which are constantly changing users, that someone can monitor enough nodes > AND be able to tie it directly to ONE specific person, w/ a real name & > physical address? Are we talking that any 12 yr old w/ the right, free > software can do this, or "theoretically"? Theoretically. -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
