![]() ![]() Is there a reason why this feature appears to have been removed in the latest version of TBB? Among the options that presented upon clicking on this icon, were "Use new identity" (which unlike its counterpart in the _sys tray_ onion icon, would actually close any tabs and additional windows open as well as clear all cookies). ![]() The previous version of TBB had an onion icon in the navigation toolbar of the browser (Aurora). (Note that I am using the *GNU/Linux* version of TBB) I will now reiterate and elaborate-upon some of the specific issues already mentioned by other posters above me. Shouldn't there be an official _forum_ for such questions? Seems like that would be a far more efficient and usable medium for many of the questions and issues that (apparently due to a lack of alternative) get covered in the comments to these blog posts. There are a lot of questions here that require answers from the developers. This would not only protect against simple JS exploits but also vulnerabilities in the HTML or image file rendering code. The real solution however would be to add some level of sandboxing (be that built into the browser, the OS like MIC, Apparmor, SeLinux or seatbelt or through a 3rd party standalone application like a VM or sandboxie). NoScript white-list consisting of only https domains would be a better default and still offer a reasonable user-experience. Add the lack of auto updating (all you get is a warning/notice on the default homepage) and I'm sure a good portion of Tor users is vulnerable because of this decision. The window of several days between the upstream release of security patches for Firefox and TBB releases doesn't help. Every JavaScript related code execution vulnerability can be used not only to fully compromise browser sessions, saved cookies, history and passwords but your entire user account on your OS, all files and most importantly, your IP address! Of course it's the wrong decision, especially since Firefox doesn't do sandboxing like Chrome, IE and now Safari. It has been brought up before but the developers think it's a good idea. Same with the Linux bundle since several versions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |