tor-webwml.git

@@ -1,5 +1,5 @@

 ## translation metadata

-# Based-On-Revision: 15123

+# Based-On-Revision: 16280

 # Last-Translator: mfr(ät]misericordia.be, fredzupy@gmail.com

@@ -231,7 +231,7 @@ Parcourez le <b>dépôt SVN</b> : (il n'est pas garanti qu'il fonctionne ni mê

   <li><a href="<svnsandbox>">Bac à sable SVN (sandbox) régulièrement mis à jour</a></li>

   <li><a href="https://svn.torproject.org/svn/tor/trunk">Parcourir le répertoire du dépôt SVN directement</a></li>

   <li><a href="http://cvs.seul.org/viewcvs/viewcvs.cgi/?root=Tor">Voir le CVS</a></li>

-  <li>accès anonyme à <a href="http://subversion.tigris.org/">subversion :</a>

+  <li><a href="http://subversion.tigris.org/">Subversion :</a>

     <ul>

       <li>Créez un répertoire vide et placez-vous dans ce répertoire.</li>

       <li><kbd>svn checkout https://tor-svn.freehaven.net/svn/tor/trunk tor</kbd></li>

@@ -1,5 +1,5 @@

 ## translation metadata

-# Based-On-Revision: 15961

+# Based-On-Revision: 16278

 # Last-Translator: mfr(ä]misericordia.be, eightone_18 @yahoo.co.uk

 #include "head.wmi" CHARSET="UTF-8" TITLE="Tor : Télécharger pour Linux/Unix"

@@ -49,8 +49,7 @@ href="<package-rpm4-stable-sig>">sig</a>)

 </td>

 <td>

 <a href="<package-rpm4-alpha>"><version-rpm4-alpha> RPM</a> (<a

-href="<package-rpm4-alpha-sig>">sig</a>)<br />

-<a href="<package-rpm4-021>"><version-rpm4-021> RPM</a> (<a href="<package-rpm4-021-sig>">sig</a>)

+href="<package-rpm4-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">instructions Linux/BSD/Unix</a>

@@ -65,8 +64,7 @@ href="<package-srpm4-stable-sig>">sig</a>)

 </td>

 <td>

 <a href="<package-srpm4-alpha>"><version-rpm4-alpha> SRPM</a> (<a 

-href="<package-srpm4-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-srpm4-021>"><version-rpm4-021> SRPM</a> (<a href="<package-srpm4-021-sig>">sig</a>)

+href="<package-srpm4-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">Linux/BSD/Unix instructions</a>

@@ -80,8 +78,7 @@ href="<package-rpm5-stable-sig>">sig</a>)

 </td>

 <td>

 <a href="<package-rpm5-alpha>"><version-rpm5-alpha> RPM</a> (<a

-href="<package-rpm5-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-rpm5-021>"><version-rpm5-021> RPM</a> (<a href="<package-rpm5-021-sig>">sig</a>)

+href="<package-rpm5-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>

@@ -97,8 +94,7 @@ href="<package-srpm5-stable-sig>">sig</a>)

 <td>

 <a href="<package-srpm5-alpha>"><version-rpm5-alpha> SRPM</a> (<a 

-href="<package-srpm5-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-srpm5-021>"><version-rpm5-021> SRPM</a> (<a href="<package-srpm5-021-sig>">sig</a>)

+href="<package-srpm5-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>

@@ -112,8 +108,7 @@ href="<package-srpm5-alpha-sig>">sig</a>)<br />

 </td>

 <td>

 <a href="<package-rpmfc-alpha>"><version-rpmfc-alpha> RPM</a> (<a

-href="<package-rpmfc-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-rpmfc-021>"><version-rpmfc-021> RPM</a> (<a href="<package-rpmfc-021-sig>">sig</a>)

+href="<package-rpmfc-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>

@@ -127,8 +122,7 @@ href="<package-rpmfc-alpha-sig>">sig</a>)<br />

 </td>

 <td>

 <a href="<package-srpmfc-alpha>"><version-rpmfc-alpha> SRPM</a> (<a

-href="<package-srpmfc-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-srpmfc-021>"><version-rpmfc-021> SRPM</a> (<a href="<package-srpmfc-021-sig>">sig</a>)

+href="<package-srpmfc-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">Instructions Linux/BSD/Unix</a>

@@ -143,8 +137,7 @@ href="<package-rpmsuse-stable-sig>">sig</a>)

 </td>

 <td>

 <a href="<package-rpmsuse-alpha>"><version-rpmsuse-alpha> RPM</a> (<a 

-href="<package-rpmsuse-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-rpmsuse-021>"><version-rpmsuse-021> RPM</a> (<a href="<package-rpmsuse-021-sig>">sig</a>)

+href="<package-rpmsuse-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">instructions Linux/BSD/Unix</a>

@@ -159,8 +152,7 @@ href="<package-srpmsuse-stable-sig>">sig</a>)

 </td>

 <td>

 <a href="<package-srpmsuse-alpha>"><version-rpmsuse-alpha> SRPM</a> (<a

- href="<package-srpmsuse-alpha-sig>">sig</a>)<br />

-  	 <a href="<package-srpmsuse-021>"><version-rpmsuse-021> SRPM</a> (<a href="<package-srpmsuse-021-sig>">sig</a>)

+ href="<package-srpmsuse-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-unix>">instructions Linux/BSD/Unix</a>

@@ -1,5 +1,5 @@

 ## translation metadata

-# Based-On-Revision: 15961

+# Based-On-Revision: 16278

 # Last-Translator: mfr(ät] misericordia.be, fredzupy@gmail.com

 #include "head.wmi" CHARSET="UTF-8" TITLE="Tor : Télécharger"

@@ -30,8 +30,7 @@ Windows<br/>

 href="<package-win32-bundle-stable-sig>">sig</a>)

 </td>

   <td>

-   <a href="<package-win32-bundle-alpha>"><version-win32-bundle-alpha></a> (<a href="<package-win32-bundle-alpha-sig>">sig</a> ) <br />

-   <a href="<package-win32-bundle-021>"><version-win32-bundle-021></a> (<a href="<package-win32-bundle-021-sig>">sig</a>)

+   <a href="<package-win32-bundle-alpha>"><version-win32-bundle-alpha></a> (<a href="<package-win32-bundle-alpha-sig>">sig</a> )

    </td>

    <td>

    <a href="<page docs/tor-doc-windows>">Installation & guide de configuration</a>

@@ -47,8 +46,7 @@ Mac<br />

 </td>

 <td>

 <a href="<package-osx-bundle-alpha>"><version-osx-bundle-alpha></a> (<a

-href="<package-osx-bundle-alpha-sig>">sig</a>)<br />

-    <a href="<package-osx-bundle-021>"><version-osx-bundle-021></a> (<a href="<package-osx-bundle-021-sig>">sig</a>)

+href="<package-osx-bundle-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>

@@ -63,8 +61,7 @@ Mac<br />

   	     <a href="<package-oldosx-bundle-stable>"><version-oldosx-bundle-stable></a> (<a href="<package-oldosx-bundle-stable-sig>">sig</a>)

   	   </td>

   	   <td>

-  	     <a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)<br />

-    <a href="<package-oldosx-bundle-021>"><version-oldosx-bundle-021></a> (<a href="<package-oldosx-bundle-021-sig>">sig</a>)

+  	     <a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)

   	   </td>

   	   <td>

   	     <a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>

@@ -242,8 +239,7 @@ href="<package-win32-stable-sig>">sig</a>)

 </td>

 <td>

 <a href="<package-win32-alpha>"><version-win32-alpha></a> (<a

-href="<package-win32-alpha-sig>">sig</a>) <br />

-<a href="<package-win32-021>"><version-win32-021></a> (<a href="<package-win32-021-sig>">sig</a>)

+href="<package-win32-alpha-sig>">sig</a>) 

 </td>

 <td>

 <a href="<page docs/tor-doc-windows>">Installation & guide de configuration</a>

@@ -261,8 +257,7 @@ href="<package-osx-stable-sig>">sig</a>)

 </td>

 <td>

  <a href="<package-osx-alpha>"><version-osx-alpha></a> (<a 

- href="<package-osx-alpha-sig>">sig</a>)<br />

-  	     <a href="<package-osx-021>"><version-osx-021></a> (<a href="<package-osx-021-sig>">sig</a>)

+ href="<package-osx-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>

@@ -279,8 +274,7 @@ Mac (Contient Tor, Torbutton, et Privoxy)<br />

 href="<package-oldosx-stable-sig>">sig</a>)

 </td>

 <td>

-<a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)<br />

-  	     <a href="<package-oldosx-021>"><version-oldosx-021></a> (<a href="<package-oldosx-021-sig>">sig</a>)

+<a href="<package-oldosx-alpha>"><version-oldosx-alpha></a> (<a href="<package-oldosx-alpha-sig>">sig</a>)

 </td>

 <td>

 <a href="<page docs/tor-doc-osx>">Installation & guide de configuration</a>

@@ -1,5 +1,5 @@

 ## translation metadata

-# Based-On-Revision: 16239

+# Based-On-Revision: 16271

 # Last-Translator: mfr(ät]misericordia.be

 #include "head.wmi" TITLE="Torbutton - Basculez rapidement sur le réseau Tor avec Firefox" CHARSET="UTF-8"

@@ -81,12 +81,11 @@ function install (aEvent)

 </script>

 <h2>Torbutton</h2>

-<hr>

+<hr />

 <strong>Version Actuelle:</strong><version-torbutton><br/>

 <br/>

 <strong>Auteurs:</strong> Scott Squires &amp; Mike Perry<br/>

-<strong>Courriel:</strong> squires at freehaven dot net, mikeperry (o) fscked/org<br/>

 <br/>

 <strong>Installation:</strong> 

 <a href="http://www.torproject.org/torbutton/torbutton-current.xpi"

@@ -104,14 +103,12 @@ Complément de recherche Google pour

 <a href="/jsreq.html" title="Ref: 14938 (googleCA)"

  onClick="addOpenSearch('googleuk_web','png','General','14445','g');return false">Google UK</a>.

 <br/>

-<!--

-<strong>Install:</strong> <a href="torbutton-1.0.4.xpi">torbutton-1.0.4.xpi</a><br/>

--->

 <strong>Source:</strong> Vous pouvez <a href="https://svn.torproject.org/svn/torbutton/trunk/">parcourir le référenciel</a> ou simplement dezipper le xpi.

 <br/>

 <strong>Rapports de Bogues:</strong> <a href="https://bugs.torproject.org/flyspray/index.php?tasks=all&amp;project=5">Torproject flyspray</a><br/>

-<strong>Documents:</strong> <b>[</b> <a href="#FAQ">FAQ</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CHANGELOG">changelog</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/LICENCE">licence</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CREDITS">crédits</a> <b>]</b><br/>

-<h2>Présentation</h2>

+<strong>Documents:</strong> <b>[</b> <a href="<page torbutton/faq>">FAQ</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CHANGELOG">changelog</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/LICENCE">licence</a> <b>|</b> <a href="https://svn.torproject.org/svn/torbutton/trunk/src/CREDITS">crédits</a> <b>]</b><br/>

+

+<br/>

 <p>

 Torbutton est un moyen en 1-click pour les utilisateurs de Firefox d'activer

  ou de désactiver l'utilisation de <a href="<page index>">Tor</a> dans le 

@@ -122,7 +119,13 @@ Torbutton est un moyen en 1-click pour les utilisateurs de Firefox d'activer

  compte dans la barre d'état.

 	</p>

 <p>

-Certains utilisateurs peuvent préfèrer un bouton dans la barre d'outils au 

+Afin de préserver votre sécurité, Torbutton désactive différents types de contenu dynamique. Vous

+pouvez en apprendre plus dans la <a href="<page torbutton/faq>">FAQ Torbutton</a>,

+ou consultez la liste détaillée des <a href="<page torbutton/options>">options Torbutton

+</a>.

+</p>

+<p>

+Certains utilisateurs préfèrent avoir un bouton dans la barre d'outils au 

 lieu d'un panneau d'état. Ce bouton est inclus, et l'on ajoute à la barre

 d'outils en cliquant avec le bouton droit sur la barre d'outils souhaitée, 

 en sélectionnant "Personnaliser ...", puis en faisant glisser l'icône 

@@ -130,410 +133,7 @@ lieu d'un panneau d'état. Ce bouton est inclus, et l'on ajoute à la barre

 pour cacher le panneau d'état (Outils-> Modules complémentaires, 

 sélectionnez Torbutton, et cliquez sur Préférences).

 	</p>

-<p>

-Les nouveaux Firefoxs ont la capacité d'envoyer les requêtes DNS à travers le proxy SOCKS, et Torbutton fera usage de cette fonctionnalité si elle est disponible dans votre version de Firefox.

-</p>

-

-<a id="FAQ"></a><h2>FAQ</h2>

-

-<strong>I can't click on links or hit reload after I toggle Tor! Why?</strong>

-

-<p>

-Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox

-Bug 409737</a>, pages can still open popups and perform Javascript redirects

-and history access after Tor has been toggled. These popups and redirects can

-be blocked, but unfortunately they are indistinguishable from normal user

-interactions with the page (such as clicking on links, opening them in new

-tabs/windows, or using the history buttons), and so those are blocked as a

-side effect. Once that Firefox bug is fixed, this degree of isolation will

-become optional (for people who do not want to accidentally click on links and

-give away information via referrers). A workaround is to right click on the

-link, and open it in a new tab or window. The tab or window won't load

-automatically, but you can hit enter in the URL bar, and it will begin

-loading. Hitting enter in the URL bar will also reload the page without

-clicking the reload button.

-</p>

-

-<strong>My browser is in some weird state where nothing works right!</strong>

-

-<p>

-Try to disable Tor by clicking on the button, and then open a new window. If

-that doesn't fix the issue, go to the preferences page and hit 'Restore

-Defaults'. This should reset the extension and Firefox to a known good

-configuration.  If you can manage to reproduce whatever issue gets your

-Firefox wedged, please file details at <a

-href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">the

-bug tracker</a>.

-</p>

-

-<strong>When I toggle Tor, my sites that use javascript stop working. Why?</strong>

-

-<p>

-Javascript can do things like wait until you have disabled Tor before trying

-to contact its source site, thus revealing your IP address. As such, Torbutton

-must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor

-state changes from the state that was used to load a given page. These features 

-are re-enabled when Torbutton goes back into the state that was used to load

-the page, but in some cases (particularly with Javascript and CSS) it is

-sometimes not possible to fully recover from the resulting errors, and the

-page is broken. Unfortunately, the only thing you can do (and still remain

-safe from having your IP address leak) is to reload the page when you toggle

-Tor, or just ensure you do all your work in a page before switching tor state.

-</p>

-

-

-<strong>When I use Tor, Firefox is no longer filling in logins/search boxes

-for me. Why?</strong>

-

-<p>

-Currently, this is tied to the "<b>Block history writes during Tor</b>"

-setting. If you have enabled that setting, all formfill functionality (both

-saving and reading) is disabled. If this bothers you, you can uncheck that

-option, but both history and forms will be saved. To prevent history

-disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor

-history reads if you allow history writing during Tor.

-</p>

-

-

-<strong>Which Firefox extensions should I avoid using?</strong>

-

-<p>

-This is a tough one. There are thousands of Firefox extensions: making a

-complete list of ones that are bad for anonymity is near impossible. However,

-here are a few examples that should get you started as to what sorts of

-behavior are dangerous.

-</p>

-

-<ol>

- <li>StumbleUpon, et al</li>

- These extensions will send all sorts of information about the websites you

- visit to the stumbleupon servers, and correlate this information with a

- unique identifier. This is obviously terrible for your anonymity.

- More generally, any sort of extension that requires registration, or even

- extensions that provide information about websites you visit should be

- suspect.

-

- <li>FoxyProxy</li>

-

-While FoxyProxy is a nice idea in theory, in practice it is impossible to

-configure securely for Tor usage without Torbutton. Like all vanilla third

-party proxy plugins, the main risks are <a

-href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>

-and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history

-disclosure</a>, followed closely by cookie theft by exit nodes and tracking by

-adservers (see the <a href="design/index.html#adversary">Torbutton Adversary

-Model</a> for more information). However, even with Torbutton installed in

-tandem and always enabled, it is still very difficult (though not impossible)

-to configure FoxyProxy securely. Since FoxyProxy's 'Patterns' mode only

-applies to specific urls, and not to an entire tab, setting FoxyProxy to only

-send specific sites through Tor will still allow adservers to still learn your

-real IP. Worse, if those sites use offsite logging services such as Google

-Analytics, you may still end up in their logs with your real IP. Malicious

-exit nodes can also cooperate with sites to inject images into pages that

-bypass your filters. Setting FoxyProxy to only send certain URLs via Non-Tor

-is much more viable, but be very careful with the filters you allow. For

-example, something as simple as allowing *google* to go via Non-Tor will still

-cause you to end up in all the logs of all websites that use Google Analytics!

-See <a href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this

-question</a> on the FoxyProxy FAQ for more information.

-

- <li>NoScript</li>

- Torbutton currently mitigates all known anonymity issues with Javascript.

- While it may be tempting to get better security by disabling Javascript for

- certain sites, you are far better off with an all-or-nothing approach.

- NoScript is exceedingly complicated, and has many subtleties that can surprise

- even advanced users. For example, addons.mozilla.org verifies extension

- integrity via Javascript over https, but downloads them in the clear. Not 

- adding it to your whitelist effectively

- means you are pulling down unverified extensions. Worse still, using NoScript

- can actually disable protections that Torbutton itself provides via

- Javascript, yet still allow malicious exit nodes to compromise your

- anonymity via the default whitelist (which they can spoof to inject any script  they want). 

-</ol>

-

-

-<strong>Which Firefox extensions do you recommend?</strong>

-<p>

-<ol>

- <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a></li>

- Mentioned above, this extension allows more fine-grained referrer spoofing

-than Torbutton currently provides. It should break less sites than Torbutton's

-referrer spoofing option.

- <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a></li>

- If you use Tor excessively, and rarely disable it, you probably want to

-install this extension to minimize the ability of sites to store long term

-identifiers in your cache. This extension applies same origin policy to the

-cache, so that elements are retrieved from the cache only if they are fetched

-from a document in the same origin domain as the cached element. 

-</ol>

-</p>

-

-<strong>Are there any other issues I should be concerned about?</strong>

-<p>

-There is currently one known unfixed security issue with Torbutton: it is

-possible to unmask the javascript hooks that wrap the Date object to conceal

-your timezone in Firefox 2, and the timezone masking code does not work at all

-on Firefox 3. We are working with the Firefox team to fix one of <a

-href="https://bugzilla.mozilla.org/show_bug.cgi?id=392274">Bug 399274</a> or

-<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=419598">Bug 419598</a>

-to address this. In the meantime, it is possible to set the <b>TZ</b>

-environment variable to <b>UTC</b> to cause the browser to use UTC as your

-timezone. Under Linux, you can add an <b>export TZ=UTC</b> to the

-/usr/bin/firefox script, or edit your system bashrc to do the same. Under

-Windows, you can set either a <a

-href="http://support.microsoft.com/kb/310519">User or System Environment

-Variable</a> for TZ via My Computer's properties. In MacOS, the situation is

-<a

-href="http://developer.apple.com/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/EnvironmentVars.html#//apple_ref/doc/uid/20002093-BCIJIJBH">a

-lot more complicated</a>, unfortunately.

-</p>

-

-<p>

-In addition, RSS readers such as Firefox Livemarks can perform

-periodic fetches. Due to <a

-href="https://bugzilla.mozilla.org/show_bug.cgi?id=436250">Firefox Bug

-436250</a>, there is no way to disable Livemark fetches during Tor. This can

-be a problem if you have a lot of custom Livemark urls that can give away

-information about your identity.

-</p>

-

-<h2>Description des Options</h2>

-

-<p>The development branch of Torbutton adds several new security features to

-protect your anonymity from all the major threats the author is aware of. The

-defaults should be fine for most people, but in case you are the tweaker type,

-or if you prefer to try to outsource some options to more flexible extensions,

-here is the complete list. (In an ideal world, these descriptions should all be

-tooltips in the extension itself, but Firefox bugs <a

-href="https://bugzilla.mozilla.org/show_bug.cgi?id=45375">45375</a> and <a

-href="https://bugzilla.mozilla.org/show_bug.cgi?id=218223">218223</a> currently

-prevent this).</p>

-

-<ul>

- <li>Disable plugins on Tor Usage (crucial)</li>

-

-  This option is key to Tor security. Plugins perform their own networking

-independent of the browser, and many plugins only partially obey even their own

-proxy settings.

-

-  <li>Isolate Dynamic Content to Tor State (crucial)</li>

-

-  Another crucial option, this setting causes the plugin to disable Javascript

-  on tabs that are loaded during a Tor state different than the current one,

-  to prevent delayed fetches of injected URLs that contain unique identifiers,

-  and to prevent meta-refresh tags from revealing your IP when you turn off

-  Tor. It also prevents all fetches from tabs loaded with an opposite Tor

-  state. This serves to block non-Javascript dynamic content such as CSS

-  popups from revealing your IP address if you disable Tor.

-

-  <li>Hook Dangerous Javascript (crucial)</li>

-

-This setting enables the Javascript hooking code. Javascript is injected into

-pages to hook the Date object to mask your timezone, and to hook the navigator

-object to mask OS and user agent properties not handled by the standard

-Firefox user agent override settings.

-

-  <li>Resize window dimensions to multiples of 50px on toggle (recommended)</li>

-

-To cut down on the amount of state available to fingerprint users uniquely, 

-this pref causes windows to be resized to a multiple of 50 pixels on each

-side when Tor is enabled and pages are loaded.

-

-  <li>Disable Updates During Tor (recommended)</li>

-

-Under Firefox 2, many extension authors did not update their extensions from 

-SSL-enabled websites. It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to 

-existing extensions. Since Firefox 3 now enforces encrypted and/or

-authenticated updates, this setting is no longer as important as it once

-was (though updates do leak information about which extensions you have, it is

-fairly infrequent).

-

-  <li>Disable Search Suggestions during Tor (optional)</li>

-

-This optional setting governs if you get Google search suggestions during Tor

-usage. Since no cookie is transmitted during search suggestions, this is a

-relatively benign behavior.

-

-  <li>Block Tor/Non-Tor access to network from file:// urls (recommended)</li>

-

-These settings prevent local html documents from transmitting local files to

-arbitrary websites <a href="http://www.gnucitizen.org/blog/content-disposition-hacking/">under Firefox 2</a>. Since exit nodes can insert headers that

-force the browser to save arbitrary pages locally (and also inject script into

-arbitrary html files you save to disk via Tor), it is probably a good idea to

-leave this setting on.

-

-  <li>Close all Non-Tor/Tor windows and tabs on toggle (optional)</li>

-

-These two settings allow you to obtain a greater degree of assurance that

-after you toggle out of Tor, the pages are really gone and can't perform any

-extra network activity. Currently, there is no known way that pages can still

-perform activity after toggle, but these options exist as a backup measure

-just in case a flaw is discovered. They can also serve as a handy 'Boss

-Button' feature for clearing all Tor browsing off your screen in a hurry.

-

-  <li>Isolate access to history navigation to Tor state (crucial)</li>

-

-This setting prevents both Javascript and accidental user clicks from causing

-the session history to load pages that were fetched in a different Tor state

-than the current one. Since this can be used to correlate Tor and Non-Tor

-activity and thus determine your IP address, it is marked as a crucial 

-setting.

-

-  <li>Block History Reads during Tor (crucial)</li>

-

-  Based on code contributed by <a href="http://www.collinjackson.com/">Collin

-  Jackson</a>, when enabled and Tor is enabled, this setting prevents the

-rendering engine from knowing if certain links were visited.  This mechanism

-defeats all document-based history disclosure attacks, including CSS-only

-attacks.

-

-  <li>Block History Reads during Non-Tor (recommended)</li>

-

-  This setting accomplishes the same but for your Non-Tor activity.

-

-  <li>Block History Writes during Tor (recommended)</li>

-

-  This setting prevents the rendering engine from recording visited URLs, and

-also disables download manager history. Note that if you allow writing of Tor history,

-it is recommended that you disable non-Tor history reads, since malicious

-websites you visit without Tor can query your history for .onion sites and

-other history recorded during Tor usage (such as Google queries).

-

-  <li>Block History Writes during Non-Tor (optional)</li>

-

-This setting also disables recording any history information during Non-Tor

-usage.

-

-<li>Clear History During Tor Toggle (optional)</li>

-

-  This is an alternate setting to use instead of (or in addition to) blocking

-history reads or writes.

-

-  <li>Block Password+Form saving during Tor/Non-Tor</li>

-

-  These options govern if the browser writes your passwords and search

-  submissions to disk for the given state.

-

-  <li>Block Tor disk cache and clear all cache on Tor Toggle</li>

-

-  Since the browser cache can be leveraged to store unique identifiers, cache

-must not persist across Tor sessions. This option keeps the memory cache active

-during Tor usage for performance, but blocks disk access for caching.

-

-  <li>Block disk and memory cache during Tor</li>

-

-  This setting entirely blocks the cache during Tor, but preserves it for

-Non-Tor usage.

-

-  <li>Clear Cookies on Tor Toggle</li>

-

-  Fully clears all cookies on Tor toggle.

-  

-  <li>Store Non-Tor cookies in a protected jar</li>

-

-  This option stores your persistent Non-Tor cookies in a special cookie jar

-  file, in case you wish to preserve some cookies. Based on code contributed

-  by <a href="http://www.collinjackson.com/">Collin Jackson</a>. It is

-  compatible with third party extensions that you use to manage your Non-Tor

-  cookies. Your Tor cookies will be cleared on toggle, of course.

-

-  <li>Store both Non-Tor and Tor cookies in a protected jar (dangerous)</li>

-

-  This option stores your persistent Tor and Non-Tor cookies 

-  separate cookie jar files. Note that it is a bad idea to keep Tor

-  cookies around for any length of time, as they can be retrieved by exit

-  nodes that inject spoofed forms into plaintext pages you fetch.

-

-  <li>Manage My Own Cookies (dangerous)</li>

-

-  This setting allows you to manage your own cookies with an alternate

-extension, such as <a href="https://addons.mozilla.org/firefox/addon/82">CookieCuller</a>. Note that this is particularly dangerous,

-since malicious exit nodes can spoof document elements that appear to be from

-sites you have preserved cookies for (and can then do things like fetch your

-entire gmail inbox, even if you were not using gmail or visiting any google

-pages at the time!).

- 

-  <li>Do not write Tor/Non-Tor cookies to disk</li>

-

-  These settings prevent Firefox from writing any cookies to disk during the

-  corresponding Tor state. If cookie jars are enabled, those jars will

-  exist in memory only, and will be cleared when Firefox exits.

-

-  <li>Disable DOM Storage during Tor usage (crucial)</li>

-

-  Firefox has recently added the ability to store additional state and

-  identifiers in persistent tables, called <a

-  href="http://developer.mozilla.org/docs/DOM:Storage">DOM Storage</a>.

-  Obviously this can compromise your anonymity if stored content can be

-  fetched across Tor-state.

-

-  <li>Clear HTTP auth sessions (recommended)</li>

-

-  HTTP authentication credentials can be probed by exit nodes and used to both confirm that you visit a certain site that uses HTTP auth, and also impersonate you on this site. 

-

-  <li>Clear cookies on Tor/Non-Tor shutdown</li>

-

-  These settings install a shutdown handler to clear cookies on Tor

-and/or Non-Tor browser shutdown. It is independent of your Clear Private Data

-settings, and does in fact clear the corresponding cookie jars.

-

-  <li>Prevent session store from saving Tor-loaded tabs (recommended)</li>

-

-  This option augments the session store to prevent it from writing out

-  Tor-loaded tabs to disk. Unfortunately, this also disables your ability to 

-  undo closed tabs. The reason why this setting is recommended is because

-  after a session crash, your browser will be in an undefined Tor state, and

-  can potentially load a bunch of Tor tabs without Tor. The following option

-  is another alternative to protect against this.

-

-  <li>On normal startup, set state to: Tor, Non-Tor, Shutdown State</li>

-

-  This setting allows you to choose which Tor state you want the browser to

-  start in normally: Tor, Non-Tor, or whatever state the browser shut down in.

-

-  <li>On crash recovery or session restored startup, restore via: Tor, Non-Tor</li>

-

-  When Firefox crashes, the Tor state upon restart usually is completely

-  random, and depending on your choice for the above option, may load 

-  a bunch of tabs in the wrong state. This setting allows you to choose

-  which state the crashed session should always be restored in to.

-

-  <li>Prevent session store from saving Non-Tor/Tor-loaded tabs</li>

-  

-  These two settings allow you to control what the Firefox Session Store

-  writes to disk. Since the session store state is used to automatically

-  load websites after a crash or upgrade, it is advisable not to allow

-  Tor tabs to be written to disk, or they may get loaded in Non-Tor

-  after a crash (or the reverse, depending upon the crash recovery setting, 

-  of course).

-  

-  <li>Set user agent during Tor usage (crucial)</li>

-

-  User agent masking is done with the idea of making all Tor users appear

-uniform. A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this

-string and supporting navigator.* properties, and this version will remain the

-same for all TorButton versions until such time as specific incompatibility

-issues are demonstrated. Uniformity of this value is obviously very important

-to anonymity. Note that for this option to have full effectiveness, the user

-must also allow Hook Dangerous Javascript ensure that the navigator.*

-properties are reset correctly.  The browser does not set some of them via the

-exposed user agent override preferences.

-

-  <li>Spoof US English Browser</li>

-

-This option causes Firefox to send http headers as if it were an English

-browser. Useful for internationalized users.

-

-  <li>Don't send referrer during Tor Usage</li>

-This option disables the referrer header, preventing sites from determining

-where you came from to visit them. This can break some sites, however. <a

-href="http://www.digg.com">Digg</a> in particular seemed to be broken by this.

-A more streamlined, less intrusive version of this option should be available

-eventually. In the meantime, <a

-href="https://addons.mozilla.org/firefox/addon/953">RefControl</a> can

-provide this functionality via a default option of <b>Forge</b>.

-</ul>

     </div><!-- #main -->