Browse code

Clean up some more of the warning text and try to make it accessible to average humans.

Mike Perry authored on25/12/2011 02:10:12
Showing2 changed files
... ...
@@ -153,13 +153,14 @@ you are used to.  </p>
153 153
 
154 154
 <p>
155 155
 
156
-Tor only protects Internet applications that are configured to send their
157
-traffic through Tor &mdash; it doesn't magically anonymize all of your traffic
158
-just because you install it. We strongly recommend you use the <a href="<page
159
-projects/torbrowser>">Tor Browser Bundle</a>. It is pre-configured to protect
160
-your privacy and anonymity on the web as long as you're browsing with Tor
156
+Tor does not protect all of your computer's Internet traffic when you
157
+run it. Tor only protects your applications that are properly configured to
158
+send their Internet traffic through Tor. To avoid problems with Tor
159
+configuration, we strongly recommend you use the
160
+<a href="<page projects/torbrowser>">Tor Browser Bundle</a>. It is pre-configured to protect
161
+your privacy and anonymity on the web as long as you're browsing with the Tor
161 162
 Browser itself. Almost any other web browser configuration is likely to be
162
-unsafe.
163
+unsafe to use with Tor.
163 164
 
164 165
 </p>
165 166
 
... ...
@@ -169,17 +170,14 @@ unsafe.
169 170
 
170 171
 <p>
171 172
 
172
-The Tor Browser will block browser plugins such as Java, Flash, ActiveX,
173
-RealPlayer, Quicktime, Adobe's PDF plugin, and others: they can be manipulated
174
-into revealing your IP address. Similarly, we do not recommend installing
175
-additional addons or plugins into the Tor Browser, as these may bypass Tor or
176
-otherwise impede your anonymity. This means Youtube is disabled by default.
177
-Youtube provides an experimental
178
-<a href="https://www.youtube.com/html5">non-Flash HTML5 mode</a> that works for
179
-many videos, but you must visit that link to opt-in manually. Youtube's
180
-support for the HTML5 feature is buggy and incomplete, so we are also working
181
-to provide a safe way to temporarily enable Flash in future Tor Browser
182
-versions.
173
+The Tor Browser will block browser plugins such as Flash, RealPlayer,
174
+Quicktime, and others: they can be manipulated into revealing your IP address.
175
+Similarly, we do not recommend installing additional addons or plugins into
176
+the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and
177
+privacy. The lack of plugins means that Youtube videos are blocked by default,
178
+but Youtube does provide an experimental opt-in feature
179
+<a href="https://www.youtube.com/html5">(enable it here)</a> that works for some
180
+videos.
183 181
 
184 182
 </p>
185 183
 
... ...
@@ -188,18 +186,20 @@ versions.
188 186
 <li><b>Use HTTPS versions of websites</b>
189 187
 
190 188
 <p>
191
-Tor anonymizes the origin of your traffic, and it encrypts everything between
192
-you and the Tor network and everything inside the Tor network, but 
193
-<a href="<wikifaq>#SoImtotallyanonymousifIuseTor">it can't encrypt your traffic
194
-between the Tor network and its final destination.</a> To help ensure
195
-privacy for the last leg, the Tor Browser Bundle includes 
196
-<a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to force
197
-the use of HTTPS with a number of major websites, but you should still
198
-watch the browser URL bar to ensure that websites you provide sensitive information
199
-to display a 
189
+
190
+Tor will encrypt your traffic
191
+<a href="https://www.torproject.org/about/overview.html.en#thesolution">to and
192
+within the Tor network</a>, but the encryption of your traffic to the final
193
+destination website depends upon on that website. To help ensure private
194
+encryption to websites, the Tor Browser Bundle includes <a
195
+href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to force the
196
+use of HTTPS encryption with major websites that support it. However, you
197
+should still watch the browser URL bar to ensure that websites you provide
198
+sensitive information to display a
200 199
 <a href="https://support.mozilla.com/en-US/kb/Site%20Identity%20Button">blue or
201
-green validation</a>, include <b>https://</b> in the URL bar, 
202
-and display the proper name for the current website.
200
+green URL bar button</a>, include <b>https://</b> in the URL, and display the
201
+proper expected name for the website.
202
+
203 203
 </p>
204 204
 
205 205
 </li>
... ...
@@ -208,20 +208,19 @@ and display the proper name for the current website.
208 208
 
209 209
 <p>
210 210
 
211
-The Tor Browser will warn you before automatically opening documents
212
-that are handled by external applications. <b>DO NOT IGNORE THIS WARNING</b>.
213
-You should be very careful when downloading documents via Tor (especially DOC
214
-and PDF files) as these documents can contain Internet resources that will be
215
-downloaded outside of Tor by the application that opens them. These documents
216
-can be modified by malicious exit nodes, or by a website that is trying to trick
217
-you into revealing your non-Tor IP address. If you must work with DOC and/or
218
-PDF files, we strongly recommend using a disconnected computer, a 
219
-<a href="https://www.virtualbox.org/">VirtualBox</a> free 
220
-<a href="http://virtualboxes.org/">image</a> with networking disabled, or 
221
-<a href="http://tails.boum.org/">Tails</a>. Under no circumstances is it safe to
222
-use <a
223
-href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
224
-and Tor</a> together.
211
+The Tor Browser will warn you before automatically opening documents that are
212
+handled by external applications. <b>DO NOT IGNORE THIS WARNING</b>.  You
213
+should be very careful when downloading documents via Tor (especially DOC and
214
+PDF files) as these documents can contain Internet resources that will be
215
+downloaded outside of Tor by the application that opens them. This will reveal
216
+your non-Tor IP address. If you must work with DOC and/or PDF files, we
217
+strongly recommend either using a disconnected computer,
218
+downloading the free <a href="https://www.virtualbox.org/">VirtualBox</a> and
219
+using it with a <a href="http://virtualboxes.org/">virtual machine image</a>
220
+with networking disabled, or using <a href="http://tails.boum.org/">Tails</a>.
221
+Under no circumstances is it safe to use
222
+<a href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
223
+and Tor</a> together, however.
225 224
 
226 225
 </p>
227 226
 
... ...
@@ -230,17 +229,22 @@ and Tor</a> together.
230 229
 <li><b>Use bridges and/or find company</b>
231 230
 
232 231
 <p>
233
-Tor tries to prevent attackers from learning what destinations you connect
234
-to. It doesn't prevent somebody watching your traffic from learning that
235
-you're using Tor. You can mitigate (but not fully resolve) the risk
236
-by using a <a href="<page docs/bridges>">Tor bridge relay</a> rather than
237
-connecting directly to the public Tor network, but ultimately the best
238
-protection here is a social approach: the more Tor users there are near
239
-you and the more <a href="<page about/torusers>">diverse</a> their interests,
240
-the less dangerous it will be that you are one of them.
232
+
233
+Tor tries to prevent attackers from learning what destination websites you
234
+connect to. However, by default, it does not prevent somebody watching your Internet
235
+traffic from learning that you're using Tor. If this matters to you, you can
236
+reduce this risk by configuring Tor to use a <a href="<page docs/bridges>">Tor
237
+bridge relay</a> rather than connecting directly to the public Tor network.
238
+Ultimately the best protection is a social approach: the more Tor
239
+users there are near you and the more 
240
+<a href="<page about/torusers>">diverse</a> their interests, the less 
241
+dangerous it will be that you are one of them. Convince other people to use
242
+Tor, too!
243
+
241 244
 </p>
242 245
 
243 246
 </li>
247
+
244 248
 </ol>
245 249
 <br>
246 250
 <p>
... ...
@@ -290,13 +290,14 @@ you are used to.</p>
290 290
 
291 291
 <p>
292 292
 
293
-Tor only protects Internet applications that are configured to send their
294
-traffic through Tor &mdash; it doesn't magically anonymize all of your traffic
295
-just because you install it. We strongly recommend you use the <a href="<page
296
-projects/torbrowser>">Tor Browser Bundle</a>. It is pre-configured to protect
297
-your privacy and anonymity on the web as long as you're browsing with Tor
293
+Tor does not protect all of your computer's Internet traffic when you
294
+run it. Tor only protects your applications that are properly configured to
295
+send their Internet traffic through Tor. To avoid problems with Tor
296
+configuration, we strongly recommend you use the
297
+<a href="<page projects/torbrowser>">Tor Browser Bundle</a>. It is pre-configured to protect
298
+your privacy and anonymity on the web as long as you're browsing with the Tor
298 299
 Browser itself. Almost any other web browser configuration is likely to be
299
-unsafe.
300
+unsafe to use with Tor.
300 301
 
301 302
 </p>
302 303
 
... ...
@@ -306,17 +307,14 @@ unsafe.
306 307
 
307 308
 <p>
308 309
 
309
-The Tor Browser will block browser plugins such as Java, Flash, ActiveX,
310
-RealPlayer, Quicktime, Adobe's PDF plugin, and others: they can be manipulated
311
-into revealing your IP address. Similarly, we do not recommend installing
312
-additional addons or plugins into the Tor Browser, as these may bypass Tor or
313
-otherwise impede your anonymity. This means Youtube is disabled by default.
314
-Youtube provides an experimental
315
-<a href="https://www.youtube.com/html5">non-Flash HTML5 mode</a> that works for
316
-many videos, but you you must visit that link opt-in manually. Youtube's
317
-support for the HTML5 feature is buggy and incomplete, so we are also working
318
-to provide a safe way to temporarily enable Flash in future Tor Browser
319
-versions.
310
+The Tor Browser will block browser plugins such as Flash, RealPlayer,
311
+Quicktime, and others: they can be manipulated into revealing your IP address.
312
+Similarly, we do not recommend installing additional addons or plugins into
313
+the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and
314
+privacy. The lack of plugins means that Youtube videos are blocked by default,
315
+but Youtube does provide an experimental opt-in feature
316
+<a href="https://www.youtube.com/html5">(enable it here)</a> that works for some
317
+videos.
320 318
 
321 319
 </p>
322 320
 
... ...
@@ -325,18 +323,20 @@ versions.
325 323
 <li><b>Use HTTPS versions of websites</b>
326 324
 
327 325
 <p>
328
-Tor anonymizes the origin of your traffic, and it encrypts everything between
329
-you and the Tor network and everything inside the Tor network, but 
330
-<a href="<wikifaq>#SoImtotallyanonymousifIuseTor">it can't encrypt your traffic
331
-between the Tor network and its final destination.</a> To help ensure
332
-privacy for the last leg, the Tor Browser Bundle includes 
333
-<a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to force
334
-the use of HTTPS with a number of major websites, but you should still
335
-watch the browser URL bar to ensure that websites you provide sensitive information
336
-to display a 
326
+
327
+Tor will encrypt your traffic
328
+<a href="https://www.torproject.org/about/overview.html.en#thesolution">to and
329
+within the Tor network</a>, but the encryption of your traffic to the final
330
+destination website depends upon on that website. To help ensure private
331
+encryption to websites, the Tor Browser Bundle includes <a
332
+href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to force the
333
+use of HTTPS encryption with major websites that support it. However, you
334
+should still watch the browser URL bar to ensure that websites you provide
335
+sensitive information to display a
337 336
 <a href="https://support.mozilla.com/en-US/kb/Site%20Identity%20Button">blue or
338
-green validation</a>, include <b>https://</b> in the URL bar, 
339
-and display the proper name for the current website.
337
+green URL bar button</a>, include <b>https://</b> in the URL, and display the
338
+proper expected name for the website.
339
+
340 340
 </p>
341 341
 
342 342
 </li>
... ...
@@ -345,20 +345,19 @@ and display the proper name for the current website.
345 345
 
346 346
 <p>
347 347
 
348
-The Tor Browser will warn you before automatically opening documents
349
-that are handled by external applications. <b>DO NOT IGNORE THIS WARNING</b>.
350
-You should be very careful when downloading documents via Tor (especially DOC
351
-and PDF files) as these documents can contain Internet resources that will be
352
-downloaded outside of Tor by the application that opens them. These documents
353
-can be modified by malicious exit nodes, or by a website who is trying to trick
354
-you into revealing your non-Tor IP address. If you must work with DOC and/or
355
-PDF files, we strongly recommend using a disconnected computer, a 
356
-<a href="https://www.virtualbox.org/">VirtualBox</a> free 
357
-<a href="http://virtualboxes.org/">image</a> with networking disabled, or 
358
-<a href="http://tails.boum.org/">Tails</a>. Under no circumstances is it safe to
359
-use <a
360
-href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
361
-and Tor</a> together.
348
+The Tor Browser will warn you before automatically opening documents that are
349
+handled by external applications. <b>DO NOT IGNORE THIS WARNING</b>.  You
350
+should be very careful when downloading documents via Tor (especially DOC and
351
+PDF files) as these documents can contain Internet resources that will be
352
+downloaded outside of Tor by the application that opens them. This will reveal
353
+your non-Tor IP address. If you must work with DOC and/or PDF files, we
354
+strongly recommend either using a disconnected computer,
355
+downloading the free <a href="https://www.virtualbox.org/">VirtualBox</a> and
356
+using it with a <a href="http://virtualboxes.org/">virtual machine image</a>
357
+with networking disabled, or using <a href="http://tails.boum.org/">Tails</a>.
358
+Under no circumstances is it safe to use
359
+<a href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
360
+and Tor</a> together, however.
362 361
 
363 362
 </p>
364 363
 
... ...
@@ -367,14 +366,18 @@ and Tor</a> together.
367 366
 <li><b>Use bridges and/or find company</b>
368 367
 
369 368
 <p>
370
-Tor tries to prevent attackers from learning what destinations you connect
371
-to. It doesn't prevent somebody watching your traffic from learning that
372
-you're using Tor. You can mitigate (but not fully resolve) the risk
373
-by using a <a href="<page docs/bridges>">Tor bridge relay</a> rather than
374
-connecting directly to the public Tor network, but ultimately the best
375
-protection here is a social approach: the more Tor users there are near
376
-you and the more <a href="<page about/torusers>">diverse</a> their interests,
377
-the less dangerous it will be that you are one of them.
369
+
370
+Tor tries to prevent attackers from learning what destination websites you
371
+connect to. However, by default, it does not prevent somebody watching your Internet
372
+traffic from learning that you're using Tor. If this matters to you, you can
373
+reduce this risk by configuring Tor to use a <a href="<page docs/bridges>">Tor
374
+bridge relay</a> rather than connecting directly to the public Tor network.
375
+Ultimately the best protection is a social approach: the more Tor
376
+users there are near you and the more 
377
+<a href="<page about/torusers>">diverse</a> their interests, the less 
378
+dangerous it will be that you are one of them. Convince other people to use
379
+Tor, too!
380
+
378 381
 </p>
379 382
 
380 383
 </li>