Tor_and_The_Dark_Net_Remain_Anonymous_and_Evade_NSA_Spying_by_James
Tor
Tor
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Change it to “false” by right-clicking and choosing Toggle.
Managing Adobe Flash Privacy.
Adobe lists advice on how to disable Flash cookies on their website.
http://helpx.adobe.com/flash-player/kb/disable-local-shared-objectsflash.html.
There are some problems with the options Adobe offers (for instance, there
is no “session only” option), so it is probably best to globally set Local Stored Object
space to 0 and only change that for sites which you are willing to have tracking you. On
the Linux version of Adobe’s Flash plugin there does not seem to be a way set the limit to
0 for all sites and therefore its use should be limited or avoided. Luckily Tails does not
have flash installed, but in case you are not using Tails be aware of this.
If you absolutely need to watch a video online, find a way to download the video to your
computer and watch it that way. This takes the browser out of the loop of processing a
video for you and eliminates those Flash cookies which help identify you.
JavaScript
JavaScript is probably the grand daddy of all vulnerabilities in internet browsing. The
majority of exploits, malware, viruses and other computer take overs happen because of
JavaScript code executing in your browser. JavaScript has many uses. Sometimes it is
simply used to make webpages look flashier by having them respond as the mouse moves
around or change themselves continually. In other cases, JavaScript adds significantly to a
page’s functionality, allowing it to respond to user interactions without the need to click on
a “submit” button and wait for the web server to send back a new page in response.
Unfortunately, JavaScript also contributes to many security and privacy problems with the
web. If a malicious party can find a way to have their JavaScript included in a page, they
can use it for all kinds of evil: making links change as the user clicks them; sending
usernames and passwords to the wrong places; reporting lots of information about the
users’ browser back to a site. JavaScript is frequently a part of schemes to track people
across the web, or worse, to install malware on people’s computers. It is best to disable
JavaScript (about:config in URL bar search for JavaScript and Toggle it to disabled)
unless you absolutely trust the site or use the browser add-on NoScripts that comes with
Tails and is available in Firefox to at least selectively block malicious scripts. Disabling
JavaScript outright is the best option though.
Supposedly NoScript doesn’t block all Javascript even when it is enabled and no sites are
on the whitelist. Not sure about that claim but I’ve seen people make it. There’s a Firefox
add-on (which also works in Tor Browser) called toggle_js which lets you toggle the
about:config javascript.enable parameter through a toolbar icon so you don’t have to
go into about:config. I find it quite useful.
JavaScript can also reveal an alarming amount of information about you even if you are
using TOR or a VPN, including your browser plug-ins, your time zone, what fonts you
have installed (flash does this as well) and of course most browsers will send your user
agent, meaning they tell the website what browser you are using and in some cases your
operating system! Some of these details may not seem very important, but collected as a