Browse code

Add bullet titles for each warning bullet, so the list can be skimmed.

Also add suggestions from velope and arma.

Mike Perry authored on24/12/2011 23:23:40
Showing2 changed files
... ...
@@ -25,7 +25,8 @@
25 25
 <!-- BEGIN TEASER WARNING -->
26 26
     <div class="warning-top">
27 27
       <h2>Want Tor to really work?</h2>
28
-	<p>...then please don't just install it and go on.  You need to change some of your habits, and reconfigure your software! Tor by itself is <em>NOT</em> all you need to maintain your anonymity. Read the <a href="#warning">full list of warnings</a>.
28
+	<p>You need to change some of your habits, as some things won't work exactly as
29
+you are used to. Please read the <a href="#warning">full list of warnings</a> for details.
29 30
 	</p>
30 31
       </div>
31 32
 <!-- END TEASER WARNING -->
... ...
@@ -143,12 +144,14 @@
143 144
 <a name="warning"></a>
144 145
 <a name="Warning"></a>
145 146
 <h2><a class="anchor" href="#warning">Want Tor to really work?</a></h2>
146
-<p>...then please don't just install it and go on.  You need to change some of your habits, and reconfigure your software! Tor by itself is <em>NOT</em> all you need to maintain your anonymity. There are several major pitfalls to watch out for:
147
-</p>
147
+	<p>You need to change some of your habits, as some things won't work exactly as
148
+you are used to.  </p>
148 149
 
149 150
 <ol>
150 151
 
151
-<li>
152
+<li><b>Use the Tor Browser</b>
153
+
154
+<p>
152 155
 
153 156
 Tor only protects Internet applications that are configured to send their
154 157
 traffic through Tor &mdash; it doesn't magically anonymize all of your traffic
... ...
@@ -156,60 +159,77 @@ just because you install it. We strongly recommend you use the <a href="<page
156 159
 projects/torbrowser>">Tor Browser Bundle</a>. It is pre-configured to protect
157 160
 your privacy and anonymity on the web as long as you're browsing with Tor
158 161
 Browser itself. Almost any other web browser configuration is likely to be
159
-unsafe. Similarly, we do not recommend installing additional addons into the
160
-Tor Browser, as these may bypass Tor or otherwise impede your anonymity.
162
+unsafe.
163
+
164
+</p>
161 165
 
162 166
 </li>
163 167
 
164
-<li>
168
+<li><b>Don't enable or install browser plugins</b>
169
+
170
+<p>
165 171
 
166 172
 The Tor Browser will block browser plugins such as Java, Flash, ActiveX,
167 173
 RealPlayer, Quicktime, Adobe's PDF plugin, and others: they can be manipulated
168
-into revealing your IP address. For example, that means Youtube is disabled by
169
-default. Youtube provides an experimental <a
170
-href="https://www.youtube.com/html5">non-Flash HTML5 mode</a> that works for
171
-many videos, but you you must vist that link opt-in manually. Youtube's
172
-support for the HTML5 feaure is buggy and incomplete, so we are also working
174
+into revealing your IP address. Similarly, we do not recommend installing
175
+additional addons or plugins into the Tor Browser, as these may bypass Tor or
176
+otherwise impede your anonymity. This means Youtube is disabled by default.
177
+Youtube provides an experimental
178
+<a href="https://www.youtube.com/html5">non-Flash HTML5 mode</a> that works for
179
+many videos, but you you must visit that link opt-in manually. Youtube's
180
+support for the HTML5 feature is buggy and incomplete, so we are also working
173 181
 to provide a safe way to temporarily enable Flash in future Tor Browser
174 182
 versions.
175 183
 
176
-</li>
177
-
178
-<li>
179
-
180
-Similarly, Tor Browser will warn you before automatically opening
181
-documents that are handled by external applications. <b>DO NOT IGNORE THIS
182
-WARNING</b>. You should be very careful when downloading documents via Tor
183
-(especially DOC and PDF files) as these documents can contain Internet
184
-resources that will be downloaded outside of Tor by the application that
185
-opens them. These documents can be modified by malicious exit nodes, or by
186
-someone who is trying to trick you into revealing your non-Tor IP address. If
187
-you must work with DOC and/or PDF files, we strongly recommend using a
188
-disconnected computer, a <a href="https://www.virtualbox.org/">VirtualBox</a>
189
-free <a href="http://virtualboxes.org/">image</a> with networking disabled, or 
190
-<a href="http://tails.boum.org/">Tails</a>.
184
+</p>
191 185
 
192 186
 </li>
193 187
 
194
-<li>
188
+<li><b>Use HTTPS versions of websites</b>
195 189
 
190
+<p>
196 191
 Tor anonymizes the origin of your traffic, and it encrypts everything between
197 192
 you and the Tor network and everything inside the Tor network, but 
198 193
 <a href="<wikifaq>#SoImtotallyanonymousifIuseTor">it can't encrypt your traffic
199 194
 between the Tor network and its final destination.</a> To help ensure
200
-privacy for this last leg, the Tor Browser Bundle includes 
201
-<a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to encrypt
202
-your communications with a number of major websites, but you should still
195
+privacy for the last leg, the Tor Browser Bundle includes 
196
+<a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to force
197
+the use of HTTPS with a number of major websites, but you should still
203 198
 watch the browser URL bar to ensure that websites you provide sensitive information
204 199
 to display a 
205 200
 <a href="https://support.mozilla.com/en-US/kb/Site%20Identity%20Button">blue or
206 201
 green validation</a>, include <b>https://</b> in the URL bar, 
207 202
 and display the proper name for the current website.
203
+</p>
208 204
 
209 205
 </li>
210 206
 
211
-<li>
207
+<li><b>Don't open documents downloaded through Tor while online</b>
208
+
209
+<p>
212 210
 
211
+The Tor Browser will warn you before automatically opening documents
212
+that are handled by external applications. <b>DO NOT IGNORE THIS WARNING</b>.
213
+You should be very careful when downloading documents via Tor (especially DOC
214
+and PDF files) as these documents can contain Internet resources that will be
215
+downloaded outside of Tor by the application that opens them. These documents
216
+can be modified by malicious exit nodes, or by a website who is trying to trick
217
+you into revealing your non-Tor IP address. If you must work with DOC and/or
218
+PDF files, we strongly recommend using a disconnected computer, a 
219
+<a href="https://www.virtualbox.org/">VirtualBox</a> free 
220
+<a href="http://virtualboxes.org/">image</a> with networking disabled, or 
221
+<a href="http://tails.boum.org/">Tails</a>. Under no circumstances is it safe to
222
+use <a
223
+href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
224
+and Tor</a> together.
225
+
226
+</p>
227
+
228
+</li>
229
+
230
+<li><b>Use bridges and/or find company</b>
231
+
232
+<p>
213 233
 Tor tries to prevent attackers from learning what destinations you connect
214 234
 to. It doesn't prevent somebody watching your traffic from learning that
215 235
 you're using Tor. You can mitigate (but not fully resolve) the risk
... ...
@@ -218,12 +238,8 @@ connecting directly to the public Tor network, but ultimately the best
218 238
 protection here is a social approach: the more Tor users there are near
219 239
 you and the more <a href="<page about/torusers>">diverse</a> their interests,
220 240
 the less dangerous it will be that you are one of them.
241
+</p>
221 242
 
222
-</li>
223
-
224
-<li> Do not use <a
225
-href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
226
-and Tor</a> together.
227 243
 </li>
228 244
 </ol>
229 245
 <br>
... ...
@@ -281,11 +281,14 @@
281 281
 <a name="warning"></a>
282 282
 <a name="Warning"></a>
283 283
 <h2><a class="anchor" href="#warning">Want Tor to really work?</a></h2>
284
-<p>...then please don't just install it and go on.  You need to change some of your habits, and reconfigure your software! Tor by itself is <em>NOT</em> all you need to maintain your anonymity. There are several major pitfalls to watch out for:
284
+	<p>You need to change some of your habits, as some things won't work exactly as
285
+you are used to. Please read the <a href="#warning">full list of warnings</a> for details.
285 286
 </p>
286 287
 
287 288
 <ol>
288
-<li>
289
+<li><b>Use the Tor Browser</b>
290
+
291
+<p>
289 292
 
290 293
 Tor only protects Internet applications that are configured to send their
291 294
 traffic through Tor &mdash; it doesn't magically anonymize all of your traffic
... ...
@@ -293,60 +296,77 @@ just because you install it. We strongly recommend you use the <a href="<page
293 296
 projects/torbrowser>">Tor Browser Bundle</a>. It is pre-configured to protect
294 297
 your privacy and anonymity on the web as long as you're browsing with Tor
295 298
 Browser itself. Almost any other web browser configuration is likely to be
296
-unsafe. Similarly, we do not recommend installing additional addons into the
297
-Tor Browser, as these may bypass Tor or otherwise impede your anonymity.
299
+unsafe.
300
+
301
+</p>
298 302
 
299 303
 </li>
300 304
 
301
-<li>
305
+<li><b>Don't enable or install browser plugins</b>
306
+
307
+<p>
302 308
 
303 309
 The Tor Browser will block browser plugins such as Java, Flash, ActiveX,
304 310
 RealPlayer, Quicktime, Adobe's PDF plugin, and others: they can be manipulated
305
-into revealing your IP address. For example, that means Youtube is disabled by
306
-default. Youtube provides an experimental <a
307
-href="https://www.youtube.com/html5">non-Flash HTML5 mode</a> that works for
308
-many videos, but you you must vist that link opt-in manually. Youtube's
309
-support for the HTML5 feaure is buggy and incomplete, so we are also working
311
+into revealing your IP address. Similarly, we do not recommend installing
312
+additional addons or plugins into the Tor Browser, as these may bypass Tor or
313
+otherwise impede your anonymity. This means Youtube is disabled by default.
314
+Youtube provides an experimental
315
+<a href="https://www.youtube.com/html5">non-Flash HTML5 mode</a> that works for
316
+many videos, but you you must visit that link opt-in manually. Youtube's
317
+support for the HTML5 feature is buggy and incomplete, so we are also working
310 318
 to provide a safe way to temporarily enable Flash in future Tor Browser
311 319
 versions.
312 320
 
313
-</li>
314
-
315
-<li>
316
-
317
-Similarly, Tor Browser will warn you before automatically opening
318
-documents that are handled by external applications. <b>DO NOT IGNORE THIS
319
-WARNING</b>. You should be very careful when downloading documents via Tor
320
-(especially DOC and PDF files) as these documents can contain Internet
321
-resources that will be downloaded outside of Tor by the application that
322
-opens them. These documents can be modified by malicious exit nodes, or by
323
-someone who is trying to trick you into revealing your non-Tor IP address. If
324
-you must work with DOC and/or PDF files, we strongly recommend using a
325
-disconnected computer, a <a href="https://www.virtualbox.org/">VirtualBox</a>
326
-free <a href="http://virtualboxes.org/">image</a> with networking disabled, or 
327
-<a href="http://tails.boum.org/">Tails</a>.
321
+</p>
328 322
 
329 323
 </li>
330 324
 
331
-<li>
325
+<li><b>Use HTTPS versions of websites</b>
332 326
 
327
+<p>
333 328
 Tor anonymizes the origin of your traffic, and it encrypts everything between
334 329
 you and the Tor network and everything inside the Tor network, but 
335 330
 <a href="<wikifaq>#SoImtotallyanonymousifIuseTor">it can't encrypt your traffic
336 331
 between the Tor network and its final destination.</a> To help ensure
337
-privacy for this last leg, the Tor Browser Bundle includes 
338
-<a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to encrypt
339
-your communications with a number of major websites, but you should still
332
+privacy for the last leg, the Tor Browser Bundle includes 
333
+<a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> to force
334
+the use of HTTPS with a number of major websites, but you should still
340 335
 watch the browser URL bar to ensure that websites you provide sensitive information
341 336
 to display a 
342 337
 <a href="https://support.mozilla.com/en-US/kb/Site%20Identity%20Button">blue or
343 338
 green validation</a>, include <b>https://</b> in the URL bar, 
344 339
 and display the proper name for the current website.
340
+</p>
341
+
342
+</li>
343
+
344
+<li><b>Don't open documents downloaded through Tor while online</b>
345
+
346
+<p>
347
+
348
+The Tor Browser will warn you before automatically opening documents
349
+that are handled by external applications. <b>DO NOT IGNORE THIS WARNING</b>.
350
+You should be very careful when downloading documents via Tor (especially DOC
351
+and PDF files) as these documents can contain Internet resources that will be
352
+downloaded outside of Tor by the application that opens them. These documents
353
+can be modified by malicious exit nodes, or by a website who is trying to trick
354
+you into revealing your non-Tor IP address. If you must work with DOC and/or
355
+PDF files, we strongly recommend using a disconnected computer, a 
356
+<a href="https://www.virtualbox.org/">VirtualBox</a> free 
357
+<a href="http://virtualboxes.org/">image</a> with networking disabled, or 
358
+<a href="http://tails.boum.org/">Tails</a>. Under no circumstances is it safe to
359
+use <a
360
+href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
361
+and Tor</a> together.
362
+
363
+</p>
345 364
 
346 365
 </li>
347 366
 
348
-<li>
367
+<li><b>Use bridges and/or find company</b>
349 368
 
369
+<p>
350 370
 Tor tries to prevent attackers from learning what destinations you connect
351 371
 to. It doesn't prevent somebody watching your traffic from learning that
352 372
 you're using Tor. You can mitigate (but not fully resolve) the risk
... ...
@@ -355,13 +375,11 @@ connecting directly to the public Tor network, but ultimately the best
355 375
 protection here is a social approach: the more Tor users there are near
356 376
 you and the more <a href="<page about/torusers>">diverse</a> their interests,
357 377
 the less dangerous it will be that you are one of them.
378
+</p>
358 379
 
359 380
 </li>
360 381
 
361
-<li> Do not use <a
362
-href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">BitTorrent
363
-and Tor</a> together.
364
-</li>
382
+
365 383
 </ol>
366 384
 <br>
367 385
 <p>