Mfr committed on 2008-08-01 10:33:23
Showing 1 changed file with 16 additions and 12 deletions.
... | ... |
@@ -53,7 +53,7 @@ Plugins are binary blobs that get inserted into Firefox and can perform |
53 | 53 |
arbitrary activity on your computer. This includes but is not limited to: <a |
54 | 54 |
href="http://www.metasploit.com/research/projects/decloak/">completely |
55 | 55 |
disregarding proxy settings</a>, querying your <a |
56 |
-href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local |
|
56 |
+href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local |
|
57 | 57 |
IP address</a>, and <a |
58 | 58 |
href="http://epic.org/privacy/cookies/flash.html">storing their own |
59 | 59 |
cookies</a>. It is possible to use a LiveCD or VMWare-based solution such as |
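Review bot: The removed and added versions of line 56 read identically in this view (`href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local`), so the actual change cannot be reviewed from what is shown. If the intent is to escape the bare `&` in the query string as `&amp;` so the page validates, please confirm that the committed line carries the escaped form.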
... | ... |
@@ -143,16 +142,17 @@ behavior are dangerous. |
143 | 142 |
</p> |
144 | 143 |
|
145 | 144 |
<ol> |
146 |
- <li>StumbleUpon, et al</li> |
|
145 |
+ <li>StumbleUpon, et al |
|
146 |
+ <p> |
|
147 | 147 |
These extensions will send all sorts of information about the websites you |
148 | 148 |
visit to the stumbleupon servers, and correlate this information with a |
149 | 149 |
unique identifier. This is obviously terrible for your anonymity. |
150 | 150 |
More generally, any sort of extension that requires registration, or even |
151 | 151 |
extensions that provide information about websites you visit should be |
152 | 152 |
suspect. |
153 |
- |
|
154 |
- <li>FoxyProxy</li> |
|
155 |
- |
|
153 |
+ </p> </li> |
|
154 |
+ <li>FoxyProxy |
|
155 |
+<p> |
|
156 | 156 |
While FoxyProxy is a nice idea in theory, in practice it is impossible to |
157 | 157 |
configure securely for Tor usage without Torbutton. Like all vanilla third |
158 | 158 |
party proxy plugins, the main risks are <a |
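Review bot: Markup style differs between the two list items touched here: the StumbleUpon item gets an indented `<p>` and a spaced `</p> </li>`, while the `<p>` for FoxyProxy is added at column 0. Pick one form for the whole list. Note also that the `<li>FoxyProxy` and `<p>` opened at new lines 154-155 are not closed anywhere in this hunk, so a matching `</p></li>` has to appear before the next list item starts.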
... | ... |
@@ -169,12 +169,14 @@ sites use offsite logging services such as Google Analytics, you will |
169 | 169 |
still end up in their logs with your real IP. Malicious exit nodes can also |
170 | 170 |
cooperate with sites to inject images into pages that bypass your filters. |
171 | 171 |
Setting FoxyProxy to only send certain URLs via Non-Tor is much more secure in |
172 |
-this regard, but be very careful with the filters you allow. For example, something as simple as allowing *google* to go via Non-Tor will still cause you to end up |
|
172 |
+this regard, but be very careful with the filters you allow. For example, |
|
173 |
+something as simple as allowing *google* to go via Non-Tor will still cause you to end up |
|
173 | 174 |
in all the logs of all websites that use Google Analytics! See <a |
174 | 175 |
href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this question</a> on |
175 | 176 |
the FoxyProxy FAQ for more information. |
176 | 177 |
|
177 |
- <li>NoScript</li> |
|
178 |
+ <li>NoScript |
|
179 |
+ <p> |
|
178 | 180 |
Torbutton currently mitigates all known anonymity issues with Javascript. |
179 | 181 |
While it may be tempting to get better security by disabling Javascript for |
180 | 182 |
certain sites, you are far better off with an all-or-nothing approach. |
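Review bot: No `</p></li>` is added between "the FoxyProxy FAQ for more information." (new line 176) and `<li>NoScript` (new line 178), so the FoxyProxy `<li>` and `<p>` opened earlier in this patch are still open when the NoScript item begins. Put `</p></li>` on the blank line 177, matching what the patch does for the StumbleUpon and NoScript items. Minor: the rewrap of old line 172 still leaves new line 173 noticeably longer than the surrounding text.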
... | ... |
@@ -186,28 +188,29 @@ the FoxyProxy FAQ for more information. |
186 | 188 |
can actually disable protections that Torbutton itself provides via |
187 | 189 |
Javascript, yet still allow malicious exit nodes to compromise your |
188 | 190 |
anonymity via the default whitelist (which they can spoof to inject any script they want). |
189 |
- |
|
191 |
+</p></li> |
|
190 | 192 |
</ol> |
191 | 193 |
|
192 | 194 |
<strong>Which Firefox extensions do you recommend?</strong> |
193 | 195 |
<ol> |
194 |
- <li><a href="https://crypto.stanford.edu/forcehttps/">ForceHTTPS</a></li> |
|
196 |
+ <li><a href="https://crypto.stanford.edu/forcehttps/">ForceHTTPS</a><p> |
|
195 | 197 |
Many sites on the Internet are <a |
196 | 198 |
href="http://www.defcon.org/html/defcon-16/dc-16-speakers.html#Perry">sloppy |
197 | 199 |
about their use of HTTPS</a> and secure |
198 | 200 |
cookies. This addon can help you ensure that you always use HTTPS for sites |
199 | 201 |
that support it, and reduces the chances of your cookies being stolen for |
200 |
-sites that do not secure them. |
|
202 |
+sites that do not secure them.</p></li> |
|
201 | 203 |
<li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a></li> |
202 | 204 |
Mentioned above, this extension allows more fine-grained referrer spoofing |
203 | 205 |
than Torbutton currently provides. It should break less sites than Torbutton's |
204 |
-referrer spoofing option. |
|
205 |
- <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a></li> |
|
206 |
+referrer spoofing option.</p></li> |
|
207 |
+ <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a> <p> |
|
206 | 208 |
If you use Tor excessively, and rarely disable it, you probably want to |
207 | 209 |
install this extension to minimize the ability of sites to store long term |
208 | 210 |
identifiers in your cache. This extension applies same origin policy to the |
209 | 211 |
cache, so that elements are retrieved from the cache only if they are fetched |
210 | 212 |
from a document in the same origin domain as the cached element. |
213 |
+</p></li> |
|
211 | 214 |
</ol> |
212 | 215 |
|
213 | 216 |
<strong>Are there any other issues I should be concerned about?</strong> |
214 | 217 |
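Review bot: The RefControl item is left unbalanced. The unchanged line `<li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a></li>` (new line 203) still closes the `<li>` immediately and opens no `<p>`, yet new line 206 appends `</p></li>` after "referrer spoofing option.", which leaves a stray closing pair with nothing to match. Change line 203 to end in `</a><p>`, as this hunk already does for ForceHTTPS and SafeCache.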