bring the warnings list a little bit more up to date. (56d1ad7d5)

en/download.wml

@@ -206,32 +206,31 @@ href="https://addons.mozilla.org/firefox/2275/">Torbutton</a> extension.
 </li>
 
 <li>
-Browser plugins such as Java, Flash, ActiveX, RealPlayer,
-Quicktime, Adobe's PDF plugin, and others can be manipulated
-into revealing your IP address. You should probably
-<a href="http://plugindoc.mozdev.org/faqs/uninstall.html">uninstall your
-plugins</a>
-(go to "about:plugins" to see what is installed), or investigate <a
-href="https://addons.mozilla.org/firefox/1237/">QuickJava</a>, <a
-href="https://addons.mozilla.org/firefox/433/">FlashBlock</a>, and
-<a href="http://noscript.net/">NoScript</a>
-if you really need them. Consider removing extensions that look up
-more information about the websites you type in (like Google toolbar),
-as they may bypass Tor and/or broadcast sensitive information. Some
+Torbutton blocks browser plugins such as Java, Flash, ActiveX, RealPlayer,
+Quicktime, Adobe's PDF plugin, and others: they can be manipulated
+into revealing your IP address. For example, that means Youtube is
+disabled. If you really need your Youtube, you can <a href="<page
+torbutton/faq>#noflash">reconfigure Torbutton</a> to allow it; but
+be aware that you're opening yourself up to potential attack. Also,
+extensions like Google toolbar look up
+more information about the websites you type in:
+they may bypass Tor and/or broadcast sensitive information. Some
 people prefer using two browsers (one for Tor, one for unsafe browsing).
 </li>
 
 <li>
-Beware of cookies: if you ever browse without Tor and Privoxy
+Beware of cookies: if you ever browse without Tor
 and a site gives you a cookie, that cookie could identify you even when
-you start using Tor again. You should clear your cookies frequently. <a
+you start using Tor again. Torbutton tries to handle your cookies
+safely. <a
 href="https://addons.mozilla.org/firefox/82/">CookieCuller</a> can help
 protect any cookies you do not want to lose.
 </li>
 
 <li>
-Tor anonymizes the origin of your traffic,
-and it encrypts everything inside the Tor network, but <a
+Tor anonymizes the origin of your traffic, and it encrypts everything
+between you and the Tor network and everything inside the Tor network,
+but <a
 href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers">it
 can't encrypt your traffic between the Tor network and its final
 destination.</a>
@@ -245,7 +244,8 @@ While Tor blocks attackers
 on your local network from discovering or influencing your destination,
 it opens new risks: malicious or misconfigured Tor exit nodes can send
 you the wrong page, or even send you embedded Java applets disguised as
-domains you trust.
+domains you trust. Be careful opening documents or applications you
+download through Tor, unless you've verified their integrity.
 </li>
 </ol>
 


...	...	@@ -206,32 +206,31 @@ href="https://addons.mozilla.org/firefox/2275/">Torbutton</a> extension.
206	206	</li>
207	207
208	208	<li>
209		-Browser plugins such as Java, Flash, ActiveX, RealPlayer,
210		-Quicktime, Adobe's PDF plugin, and others can be manipulated
211		-into revealing your IP address. You should probably
212		-<a href="http://plugindoc.mozdev.org/faqs/uninstall.html">uninstall your
213		-plugins</a>
214		-(go to "about:plugins" to see what is installed), or investigate <a
215		-href="https://addons.mozilla.org/firefox/1237/">QuickJava</a>, <a
216		-href="https://addons.mozilla.org/firefox/433/">FlashBlock</a>, and
217		-<a href="http://noscript.net/">NoScript</a>
218		-if you really need them. Consider removing extensions that look up
219		-more information about the websites you type in (like Google toolbar),
220		-as they may bypass Tor and/or broadcast sensitive information. Some
	209	+Torbutton blocks browser plugins such as Java, Flash, ActiveX, RealPlayer,
	210	+Quicktime, Adobe's PDF plugin, and others: they can be manipulated
	211	+into revealing your IP address. For example, that means Youtube is
	212	+disabled. If you really need your Youtube, you can <a href="<page
	213	+torbutton/faq>#noflash">reconfigure Torbutton</a> to allow it; but
	214	+be aware that you're opening yourself up to potential attack. Also,
	215	+extensions like Google toolbar look up
	216	+more information about the websites you type in:
	217	+they may bypass Tor and/or broadcast sensitive information. Some
221	218	people prefer using two browsers (one for Tor, one for unsafe browsing).
222	219	</li>
223	220
224	221	<li>
225		-Beware of cookies: if you ever browse without Tor and Privoxy
	222	+Beware of cookies: if you ever browse without Tor
226	223	and a site gives you a cookie, that cookie could identify you even when
227		-you start using Tor again. You should clear your cookies frequently. <a
	224	+you start using Tor again. Torbutton tries to handle your cookies
	225	+safely. <a
228	226	href="https://addons.mozilla.org/firefox/82/">CookieCuller</a> can help
229	227	protect any cookies you do not want to lose.
230	228	</li>
231	229
232	230	<li>
233		-Tor anonymizes the origin of your traffic,
234		-and it encrypts everything inside the Tor network, but <a
	231	+Tor anonymizes the origin of your traffic, and it encrypts everything
	232	+between you and the Tor network and everything inside the Tor network,
	233	+but <a
235	234	href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers">it
236	235	can't encrypt your traffic between the Tor network and its final
237	236	destination.</a>
...	...	@@ -245,7 +244,8 @@ While Tor blocks attackers
245	244	on your local network from discovering or influencing your destination,
246	245	it opens new risks: malicious or misconfigured Tor exit nodes can send
247	246	you the wrong page, or even send you embedded Java applets disguised as
248		-domains you trust.
	247	+domains you trust. Be careful opening documents or applications you
	248	+download through Tor, unless you've verified their integrity.
249	249	</li>
250	250	</ol>
251	251
252	252

tor-webwml.git