deleted file mode 100644

@@ -1,43 +0,0 @@

-## translation metadata

-# Revision: $Revision$

-# Translation-Priority: 3-low

-

-#include "head.wmi" TITLE="Tor Project: Torbutton Options" CHARSET="UTF-8"

-<div id="content" class="clearfix">

-	<div id="breadcrumbs">

-    <a href="<page index>">Home &raquo; </a>

-    <a href="<page torbutton/index>">Torbutton &raquo; </a>

-    <a href="<page torbutton/torbutton-options>">Torbutton Options</a>

-  </div>

-	<div id="maincol">  

-    <!-- PUT CONTENT AFTER THIS TAG -->

-

-    <h2>Torbutton</h2>

-    <hr>

-

-    <p>

-    Torbutton is the component in <a href="<page projects/torbrowser>">Tor

-    Browser Bundle</a> that takes care of application-level

-    security and privacy concerns in Firefox.  To keep you safe,

-    Torbutton disables many types of active content.

-    </p>

-  

-    <p>

-    Now that the <a href="<page projects/torbrowser>">Tor Browser

-    Bundle</a> includes a patched version of Firefox, and because we don't

-    have enough developer resources to keep up with the accelerated

-    Firefox release schedule, the toggle model of Torbutton is <a

-    href="https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton">no

-    longer supported</a>. <b>Users should be using Tor Browser Bundle,

-    not installing Torbutton themselves.</b>

-    </p>

-    </div>

-  <!-- END MAINCOL -->

-  <div id = "sidecol">

-#include "side.wmi"

-#include "info.wmi"

-  </div>

-  <!-- END SIDECOL -->

-</div>

-<!-- END CONTENT -->

-#include <foot.wmi>       

@@ -11,257 +11,27 @@

   </div>

 	<div id="maincol">  

     <!-- PUT CONTENT AFTER THIS TAG -->

-    

-    <h2>Torbutton Options</h2>

+

+    <h2>Torbutton</h2>

     <hr>

-    

-    <p>Torbutton 1.2.0 adds several new security features to protect your

-    anonymity from all the major threats we know about. The defaults should be

-    fine (and safest!) for most people, but in case you are the tweaker type,

-    or if you prefer to try to outsource some options to more flexible extensions,

-    here is the complete list. (In an ideal world, these descriptions should all be

-    tooltips in the extension itself, but Firefox bugs <a

-    href="https://bugzilla.mozilla.org/show_bug.cgi?id=45375">45375</a> and <a

-    href="https://bugzilla.mozilla.org/show_bug.cgi?id=218223">218223</a> currently

-    prevent this.)</p>

-    

-    <ul>

-     <li>Disable plugins on Tor Usage (crucial)<p> 

-    

-      This option is key to Tor security. Plugins perform their own networking

-    independent of the browser, and many plugins only partially obey even their own

-    proxy settings.

-    </p></li>

-      <li>Isolate Dynamic Content to Tor State (crucial)<p> 

-    

-      Another crucial option, this setting causes the plugin to disable Javascript

-      on tabs that are loaded during a Tor state different than the current one,

-      to prevent delayed fetches of injected URLs that contain unique identifiers,

-      and to prevent meta-refresh tags from revealing your IP when you turn off

-      Tor. It also prevents all fetches from tabs loaded with an opposite Tor

-      state. This serves to block non-Javascript dynamic content such as CSS

-      popups from revealing your IP address if you disable Tor.

-    </p></li>

-      <li>Hook Dangerous Javascript (crucial)<p> 

-    

-    This setting enables the Javascript hooking code. Javascript is injected into

-    pages to hook the Date object to mask your timezone, and to hook the navigator

-    object to mask OS and user agent properties not handled by the standard

-    Firefox user agent override settings.

-    </p></li>

-      <li>Resize window dimensions to multiples of 50px on toggle (recommended)<p> 

-    

-    To cut down on the amount of state available to fingerprint users uniquely, 

-    this pref causes windows to be resized to a multiple of 50 pixels on each

-    side when Tor is enabled and pages are loaded.

-    </p></li>

-      <li>Disable Updates During Tor (recommended)<p> 

-    

-    Under Firefox 2, many extension authors did not update their extensions from 

-    SSL-enabled websites. It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to 

-    existing extensions. Since Firefox 3 now enforces encrypted and/or

-    authenticated updates, this setting is no longer as important as it once

-    was (though updates do leak information about which extensions you have, it is

-    fairly infrequent).

-    </p></li>

-      <li>Disable Search Suggestions during Tor (optional)<p> 

-    

-    This optional setting governs if you get Google search suggestions during Tor

-    usage. Since no cookie is transmitted during search suggestions, this is a

-    relatively benign behavior.

-    </p></li>

-      <li>Block Livemarks updates during Tor usage (recommended)<p> 

-    

-    This setting causes Torbutton to disable your <a

-    href="http://www.mozilla.com/firefox/livebookmarks.html">Live bookmark</a>

-    updates. Since most people use Live bookmarks for RSS feeds from their blog,

-    their friends' blogs, the wikipedia page they edit, and other such things,

-    these updates probably should not happen over Tor. This feature takes effect

-    in Firefox 3.5 and above only.

-    

-    </p></li>

-      <li>Block Tor/Non-Tor access to network from file:// urls (recommended)<p> 

-    

-    These settings prevent local html documents from transmitting local files to

-    arbitrary websites <a href="http://www.gnucitizen.org/blog/content-disposition-hacking/">under Firefox 2</a>. Since exit nodes can insert headers that

-    force the browser to save arbitrary pages locally (and also inject script into

-    arbitrary html files you save to disk via Tor), it is probably a good idea to

-    leave this setting on.

-    </p></li>

-      <li>Close all Non-Tor/Tor windows and tabs on toggle (optional)<p> 

-    

-    These two settings allow you to obtain a greater degree of assurance that

-    after you toggle out of Tor, the pages are really gone and can't perform any

-    extra network activity. Currently, there is no known way that pages can still

-    perform activity after toggle, but these options exist as a backup measure

-    just in case a flaw is discovered. They can also serve as a handy 'Boss

-    Button' feature for clearing all Tor browsing off your screen in a hurry.

-    </p></li>

-      <li>Isolate access to history navigation to Tor state (crucial)<p> 

-    

-    This setting prevents both Javascript and accidental user clicks from causing

-    the session history to load pages that were fetched in a different Tor state

-    than the current one. Since this can be used to correlate Tor and Non-Tor

-    activity and thus determine your IP address, it is marked as a crucial 

-    setting.

-    </p></li>

-      <li>Block History Reads during Tor (crucial)<p> 

-    

-      Based on code contributed by <a href="http://www.collinjackson.com/">Collin

-      Jackson</a>, when enabled and Tor is enabled, this setting prevents the

-    rendering engine from knowing if certain links were visited.  This mechanism

-    defeats all document-based history disclosure attacks, including CSS-only

-    attacks.

-    </p></li>

-      <li>Block History Reads during Non-Tor (recommended)<p> 

-    

-      This setting accomplishes the same but for your Non-Tor activity.

-    </p></li>

-      <li>Block History Writes during Tor (recommended)<p> 

-    

-      This setting prevents the rendering engine from recording visited URLs, and

-    also disables download manager history. Note that if you allow writing of Tor history,

-    it is recommended that you disable non-Tor history reads, since malicious

-    websites you visit without Tor can query your history for .onion sites and

-    other history recorded during Tor usage (such as Google queries).

-    </p></li>

-      <li>Block History Writes during Non-Tor (optional)<p> 

-    

-    This setting also disables recording any history information during Non-Tor

-    usage.

-    </p></li>

-    <li>Clear History During Tor Toggle (optional)<p> 

-    

-      This is an alternate setting to use instead of (or in addition to) blocking

-    history reads or writes.

-    </p></li>

-      <li>Block Password+Form saving during Tor/Non-Tor<p> 

-    

-      These options govern if the browser writes your passwords and search

-      submissions to disk for the given state.

-    </p></li>

-      <li>Block Tor disk cache and clear all cache on Tor Toggle<p> 

-    

-      Since the browser cache can be leveraged to store unique identifiers, cache

-    must not persist across Tor sessions. This option keeps the memory cache active

-    during Tor usage for performance, but blocks disk access for caching.

-    </p></li>

-      <li>Block disk and memory cache during Tor<p> 

-    

-      This setting entirely blocks the cache during Tor, but preserves it for

-    Non-Tor usage.

-    </p></li>

-      <li>Clear Cookies on Tor Toggle<p> 

-    

-      Fully clears all cookies on Tor toggle.

-    </p></li>

-      <li>Store Non-Tor cookies in a protected jar<p> 

-    

-      This option stores your persistent Non-Tor cookies in a special cookie jar

-      file, in case you wish to preserve some cookies. Based on code contributed

-      by <a href="http://www.collinjackson.com/">Collin Jackson</a>. It is

-      compatible with third party extensions that you use to manage your Non-Tor

-      cookies. Your Tor cookies will be cleared on toggle, of course.

-    </p></li>

-      <li>Store both Non-Tor and Tor cookies in a protected jar (dangerous)<p> 

-    

-      This option stores your persistent Tor and Non-Tor cookies 

-      separate cookie jar files. Note that it is a bad idea to keep Tor

-      cookies around for any length of time, as they can be retrieved by exit

-      nodes that inject spoofed forms into plaintext pages you fetch.

-    </p></li>

-      <li>Manage My Own Cookies (dangerous)<p> 

-    

-      This setting allows you to manage your own cookies with an alternate

-    extension, such as <a href="https://addons.mozilla.org/firefox/addon/82">CookieCuller</a>. Note that this is particularly dangerous,

-    since malicious exit nodes can spoof document elements that appear to be from

-    sites you have preserved cookies for (and can then do things like fetch your

-    entire gmail inbox, even if you were not using gmail or visiting any google

-    pages at the time!).

-    </p></li>

-      <li>Do not write Tor/Non-Tor cookies to disk<p> 

-    

-      These settings prevent Firefox from writing any cookies to disk during the

-      corresponding Tor state. If cookie jars are enabled, those jars will

-      exist in memory only, and will be cleared when Firefox exits.

-    </p></li>

-      <li>Disable DOM Storage during Tor usage (crucial)<p> 

-    

-      Firefox has recently added the ability to store additional state and

-      identifiers in persistent tables, called <a

-      href="http://developer.mozilla.org/docs/DOM:Storage">DOM Storage</a>.

-      Obviously this can compromise your anonymity if stored content can be

-      fetched across Tor-state.

-    </p></li>

-      <li>Clear HTTP auth sessions (recommended)<p> 

-    

-      HTTP authentication credentials can be probed by exit nodes and used to both confirm that you visit a certain site that uses HTTP auth, and also impersonate you on this site. 

-    </p></li>

-      <li>Clear cookies on Tor/Non-Tor shutdown<p> 

-    

-      These settings install a shutdown handler to clear cookies on Tor

-    and/or Non-Tor browser shutdown. It is independent of your Clear Private Data

-    settings, and does in fact clear the corresponding cookie jars.

-    </p></li>

-      <li>Prevent session store from saving Tor-loaded tabs (recommended)<p> 

-    

-      This option augments the session store to prevent it from writing out

-      Tor-loaded tabs to disk. Unfortunately, this also disables your ability to 

-      undo closed tabs. The reason why this setting is recommended is because

-      after a session crash, your browser will be in an undefined Tor state, and

-      can potentially load a bunch of Tor tabs without Tor. The following option

-      is another alternative to protect against this.

-    </p></li>

-      <li>On normal startup, set state to: Tor, Non-Tor, Shutdown State<p> 

-    

-      This setting allows you to choose which Tor state you want the browser to

-      start in normally: Tor, Non-Tor, or whatever state the browser shut down in.

-    </p></li>

-      <li>On crash recovery or session restored startup, restore via: Tor, Non-Tor<p> 

-    

-      When Firefox crashes, the Tor state upon restart usually is completely

-      random, and depending on your choice for the above option, may load 

-      a bunch of tabs in the wrong state. This setting allows you to choose

-      which state the crashed session should always be restored in to.

-    </p></li>

-      <li>Prevent session store from saving Non-Tor/Tor-loaded tabs<p> 

-    

-      These two settings allow you to control what the Firefox Session Store

-      writes to disk. Since the session store state is used to automatically

-      load websites after a crash or upgrade, it is advisable not to allow

-      Tor tabs to be written to disk, or they may get loaded in Non-Tor

-      after a crash (or the reverse, depending upon the crash recovery setting, 

-      of course).

-    </p></li>

-      <li>Set user agent during Tor usage (crucial)<p> 

-    

-      User agent masking is done with the idea of making all Tor users appear

-    uniform. A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this

-    string and supporting navigator.* properties, and this version will remain the

-    same for all TorButton versions until such time as specific incompatibility

-    issues are demonstrated. Uniformity of this value is obviously very important

-    to anonymity. Note that for this option to have full effectiveness, the user

-    must also allow Hook Dangerous Javascript ensure that the navigator.*

-    properties are reset correctly.  The browser does not set some of them via the

-    exposed user agent override preferences.

-    </p></li>

-      <li>Spoof US English Browser<p> 

-    

-    This option causes Firefox to send http headers as if it were an English

-    browser. Useful for internationalized users.

-    </p></li>

-      <li>Don't send referrer during Tor Usage<p> 

-    

-    This option disables the referrer header, preventing sites from determining

-    where you came from to visit them. This can break some sites, however. <a

-    href="http://www.digg.com">Digg</a> in particular seemed to be broken by this.

-    A more streamlined, less intrusive version of this option should be available

-    eventually. In the meantime, <a

-    href="https://addons.mozilla.org/firefox/addon/953">RefControl</a> can

-    provide this functionality via a default option of <b>Forge</b>.

-    </p></li>

-    </ul>

-  </div>

+

+    <p>

+    Torbutton is the component in <a href="<page projects/torbrowser>">Tor

+    Browser Bundle</a> that takes care of application-level

+    security and privacy concerns in Firefox.  To keep you safe,

+    Torbutton disables many types of active content.

+    </p>

+  

+    <p>

+    Now that the <a href="<page projects/torbrowser>">Tor Browser

+    Bundle</a> includes a patched version of Firefox, and because we don't

+    have enough developer resources to keep up with the accelerated

+    Firefox release schedule, the toggle model of Torbutton is <a

+    href="https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton">no

+    longer supported</a>. <b>Users should be using Tor Browser Bundle,

+    not installing Torbutton themselves.</b>

+    </p>

+    </div>

   <!-- END MAINCOL -->

   <div id = "sidecol">

 #include "side.wmi"

@@ -2,7 +2,7 @@

 # Revision: $Revision$

 # Translation-Priority: 3-low

-#include "head.wmi" TITLE="Tor Project: Torbutton Options" CHARSET="UTF-8" ANNOUNCE_RSS="yes"

+#include "head.wmi" TITLE="Tor Project: Torbutton Options" CHARSET="UTF-8"

 <div id="content" class="clearfix">

 	<div id="breadcrumbs">

     <a href="<page index>">Home &raquo; </a>

@@ -2,7 +2,7 @@

 # Revision: $Revision$

 # Translation-Priority: 3-low

-#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"

+#include "head.wmi" TITLE="Tor Project: Torbutton Options" CHARSET="UTF-8" ANNOUNCE_RSS="yes"

 <div id="content" class="clearfix">

 	<div id="breadcrumbs">

     <a href="<page index>">Home &raquo; </a>

@@ -1,5 +1,5 @@

 ## translation metadata

-# Revision: $Revision: 0 $

+# Revision: $Revision$

 # Translation-Priority: 3-low

 #include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"

@@ -13,7 +13,7 @@

     <!-- PUT CONTENT AFTER THIS TAG -->

     <h2>Torbutton Options</h2>

-    <hr />

+    <hr>

     <p>Torbutton 1.2.0 adds several new security features to protect your

     anonymity from all the major threats we know about. The defaults should be

@@ -6,7 +6,7 @@

 <div id="content" class="clearfix">

 	<div id="breadcrumbs">

     <a href="<page index>">Home &raquo; </a>

-    <a href="<page torbutton/torbutton>">Torbutton &raquo; </a>

+    <a href="<page torbutton/index>">Torbutton &raquo; </a>

     <a href="<page torbutton/torbutton-options>">Torbutton Options</a>

   </div>

 	<div id="maincol">  

@@ -6,8 +6,8 @@

 <div id="content" class="clearfix">

 	<div id="breadcrumbs">

     <a href="<page index>">Home &raquo; </a>

-    <a href="<page torbutton>">TorButton &raquo; </a>

-    <a href="<page torbutton/torbutton-options>">TorButton Options</a>

+    <a href="<page torbutton/torbutton>">Torbutton &raquo; </a>

+    <a href="<page torbutton/torbutton-options>">Torbutton Options</a>

   </div>

 	<div id="maincol">  

     <!-- PUT CONTENT AFTER THIS TAG -->

@@ -6,9 +6,8 @@

 <div id="content" class="clearfix">

 	<div id="breadcrumbs">

     <a href="<page index>">Home &raquo; </a>

-    <a href="<page projects/projects>">Projects &raquo; </a>

-    <a href="<page projects/torbutton>">TorButton &raquo; </a>

-    <a href="<page projects/torbutton-options>">TorButton Options</a>

+    <a href="<page torbutton>">TorButton &raquo; </a>

+    <a href="<page torbutton/torbutton-options>">TorButton Options</a>

   </div>

 	<div id="maincol">  

     <!-- PUT CONTENT AFTER THIS TAG -->

new file mode 100644

@@ -0,0 +1,274 @@

+## translation metadata

+# Revision: $Revision: 0 $

+# Translation-Priority: 3-low

+

+#include "head.wmi" TITLE="Tor Project: Projects Overview" CHARSET="UTF-8" ANNOUNCE_RSS="yes"

+<div id="content" class="clearfix">

+	<div id="breadcrumbs">

+    <a href="<page index>">Home &raquo; </a>

+    <a href="<page projects/projects>">Projects &raquo; </a>

+    <a href="<page projects/torbutton>">TorButton &raquo; </a>

+    <a href="<page projects/torbutton-options>">TorButton Options</a>

+  </div>

+	<div id="maincol">  

+    <!-- PUT CONTENT AFTER THIS TAG -->

+    

+    <h2>Torbutton Options</h2>

+    <hr />

+    

+    <p>Torbutton 1.2.0 adds several new security features to protect your

+    anonymity from all the major threats we know about. The defaults should be

+    fine (and safest!) for most people, but in case you are the tweaker type,

+    or if you prefer to try to outsource some options to more flexible extensions,

+    here is the complete list. (In an ideal world, these descriptions should all be

+    tooltips in the extension itself, but Firefox bugs <a

+    href="https://bugzilla.mozilla.org/show_bug.cgi?id=45375">45375</a> and <a

+    href="https://bugzilla.mozilla.org/show_bug.cgi?id=218223">218223</a> currently

+    prevent this.)</p>

+    

+    <ul>

+     <li>Disable plugins on Tor Usage (crucial)<p> 

+    

+      This option is key to Tor security. Plugins perform their own networking

+    independent of the browser, and many plugins only partially obey even their own

+    proxy settings.

+    </p></li>

+      <li>Isolate Dynamic Content to Tor State (crucial)<p> 

+    

+      Another crucial option, this setting causes the plugin to disable Javascript

+      on tabs that are loaded during a Tor state different than the current one,

+      to prevent delayed fetches of injected URLs that contain unique identifiers,

+      and to prevent meta-refresh tags from revealing your IP when you turn off

+      Tor. It also prevents all fetches from tabs loaded with an opposite Tor

+      state. This serves to block non-Javascript dynamic content such as CSS

+      popups from revealing your IP address if you disable Tor.

+    </p></li>

+      <li>Hook Dangerous Javascript (crucial)<p> 

+    

+    This setting enables the Javascript hooking code. Javascript is injected into

+    pages to hook the Date object to mask your timezone, and to hook the navigator

+    object to mask OS and user agent properties not handled by the standard

+    Firefox user agent override settings.

+    </p></li>

+      <li>Resize window dimensions to multiples of 50px on toggle (recommended)<p> 

+    

+    To cut down on the amount of state available to fingerprint users uniquely, 

+    this pref causes windows to be resized to a multiple of 50 pixels on each

+    side when Tor is enabled and pages are loaded.

+    </p></li>

+      <li>Disable Updates During Tor (recommended)<p> 

+    

+    Under Firefox 2, many extension authors did not update their extensions from 

+    SSL-enabled websites. It is possible for malicious Tor nodes to hijack these extensions and replace them with malicious ones, or add malicious code to 

+    existing extensions. Since Firefox 3 now enforces encrypted and/or

+    authenticated updates, this setting is no longer as important as it once

+    was (though updates do leak information about which extensions you have, it is

+    fairly infrequent).

+    </p></li>

+      <li>Disable Search Suggestions during Tor (optional)<p> 

+    

+    This optional setting governs if you get Google search suggestions during Tor

+    usage. Since no cookie is transmitted during search suggestions, this is a

+    relatively benign behavior.

+    </p></li>

+      <li>Block Livemarks updates during Tor usage (recommended)<p> 

+    

+    This setting causes Torbutton to disable your <a

+    href="http://www.mozilla.com/firefox/livebookmarks.html">Live bookmark</a>

+    updates. Since most people use Live bookmarks for RSS feeds from their blog,

+    their friends' blogs, the wikipedia page they edit, and other such things,

+    these updates probably should not happen over Tor. This feature takes effect

+    in Firefox 3.5 and above only.

+    

+    </p></li>

+      <li>Block Tor/Non-Tor access to network from file:// urls (recommended)<p> 

+    

+    These settings prevent local html documents from transmitting local files to

+    arbitrary websites <a href="http://www.gnucitizen.org/blog/content-disposition-hacking/">under Firefox 2</a>. Since exit nodes can insert headers that

+    force the browser to save arbitrary pages locally (and also inject script into

+    arbitrary html files you save to disk via Tor), it is probably a good idea to

+    leave this setting on.

+    </p></li>

+      <li>Close all Non-Tor/Tor windows and tabs on toggle (optional)<p> 

+    

+    These two settings allow you to obtain a greater degree of assurance that

+    after you toggle out of Tor, the pages are really gone and can't perform any

+    extra network activity. Currently, there is no known way that pages can still

+    perform activity after toggle, but these options exist as a backup measure

+    just in case a flaw is discovered. They can also serve as a handy 'Boss

+    Button' feature for clearing all Tor browsing off your screen in a hurry.

+    </p></li>

+      <li>Isolate access to history navigation to Tor state (crucial)<p> 

+    

+    This setting prevents both Javascript and accidental user clicks from causing

+    the session history to load pages that were fetched in a different Tor state

+    than the current one. Since this can be used to correlate Tor and Non-Tor

+    activity and thus determine your IP address, it is marked as a crucial 

+    setting.

+    </p></li>

+      <li>Block History Reads during Tor (crucial)<p> 

+    

+      Based on code contributed by <a href="http://www.collinjackson.com/">Collin

+      Jackson</a>, when enabled and Tor is enabled, this setting prevents the

+    rendering engine from knowing if certain links were visited.  This mechanism

+    defeats all document-based history disclosure attacks, including CSS-only

+    attacks.

+    </p></li>

+      <li>Block History Reads during Non-Tor (recommended)<p> 

+    

+      This setting accomplishes the same but for your Non-Tor activity.

+    </p></li>

+      <li>Block History Writes during Tor (recommended)<p> 

+    

+      This setting prevents the rendering engine from recording visited URLs, and

+    also disables download manager history. Note that if you allow writing of Tor history,

+    it is recommended that you disable non-Tor history reads, since malicious

+    websites you visit without Tor can query your history for .onion sites and

+    other history recorded during Tor usage (such as Google queries).

+    </p></li>

+      <li>Block History Writes during Non-Tor (optional)<p> 

+    

+    This setting also disables recording any history information during Non-Tor

+    usage.

+    </p></li>

+    <li>Clear History During Tor Toggle (optional)<p> 

+    

+      This is an alternate setting to use instead of (or in addition to) blocking

+    history reads or writes.

+    </p></li>

+      <li>Block Password+Form saving during Tor/Non-Tor<p> 

+    

+      These options govern if the browser writes your passwords and search

+      submissions to disk for the given state.

+    </p></li>

+      <li>Block Tor disk cache and clear all cache on Tor Toggle<p> 

+    

+      Since the browser cache can be leveraged to store unique identifiers, cache

+    must not persist across Tor sessions. This option keeps the memory cache active

+    during Tor usage for performance, but blocks disk access for caching.

+    </p></li>

+      <li>Block disk and memory cache during Tor<p> 

+    

+      This setting entirely blocks the cache during Tor, but preserves it for

+    Non-Tor usage.

+    </p></li>

+      <li>Clear Cookies on Tor Toggle<p> 

+    

+      Fully clears all cookies on Tor toggle.

+    </p></li>

+      <li>Store Non-Tor cookies in a protected jar<p> 

+    

+      This option stores your persistent Non-Tor cookies in a special cookie jar

+      file, in case you wish to preserve some cookies. Based on code contributed

+      by <a href="http://www.collinjackson.com/">Collin Jackson</a>. It is

+      compatible with third party extensions that you use to manage your Non-Tor

+      cookies. Your Tor cookies will be cleared on toggle, of course.

+    </p></li>

+      <li>Store both Non-Tor and Tor cookies in a protected jar (dangerous)<p> 

+    

+      This option stores your persistent Tor and Non-Tor cookies 

+      separate cookie jar files. Note that it is a bad idea to keep Tor

+      cookies around for any length of time, as they can be retrieved by exit

+      nodes that inject spoofed forms into plaintext pages you fetch.

+    </p></li>

+      <li>Manage My Own Cookies (dangerous)<p> 

+    

+      This setting allows you to manage your own cookies with an alternate

+    extension, such as <a href="https://addons.mozilla.org/firefox/addon/82">CookieCuller</a>. Note that this is particularly dangerous,

+    since malicious exit nodes can spoof document elements that appear to be from

+    sites you have preserved cookies for (and can then do things like fetch your

+    entire gmail inbox, even if you were not using gmail or visiting any google

+    pages at the time!).

+    </p></li>

+      <li>Do not write Tor/Non-Tor cookies to disk<p> 

+    

+      These settings prevent Firefox from writing any cookies to disk during the

+      corresponding Tor state. If cookie jars are enabled, those jars will

+      exist in memory only, and will be cleared when Firefox exits.

+    </p></li>

+      <li>Disable DOM Storage during Tor usage (crucial)<p> 

+    

+      Firefox has recently added the ability to store additional state and

+      identifiers in persistent tables, called <a

+      href="http://developer.mozilla.org/docs/DOM:Storage">DOM Storage</a>.

+      Obviously this can compromise your anonymity if stored content can be

+      fetched across Tor-state.

+    </p></li>

+      <li>Clear HTTP auth sessions (recommended)<p> 

+    

+      HTTP authentication credentials can be probed by exit nodes and used to both confirm that you visit a certain site that uses HTTP auth, and also impersonate you on this site. 

+    </p></li>

+      <li>Clear cookies on Tor/Non-Tor shutdown<p> 

+    

+      These settings install a shutdown handler to clear cookies on Tor

+    and/or Non-Tor browser shutdown. It is independent of your Clear Private Data

+    settings, and does in fact clear the corresponding cookie jars.

+    </p></li>

+      <li>Prevent session store from saving Tor-loaded tabs (recommended)<p> 

+    

+      This option augments the session store to prevent it from writing out

+      Tor-loaded tabs to disk. Unfortunately, this also disables your ability to 

+      undo closed tabs. The reason why this setting is recommended is because

+      after a session crash, your browser will be in an undefined Tor state, and

+      can potentially load a bunch of Tor tabs without Tor. The following option

+      is another alternative to protect against this.

+    </p></li>

+      <li>On normal startup, set state to: Tor, Non-Tor, Shutdown State<p> 

+    

+      This setting allows you to choose which Tor state you want the browser to

+      start in normally: Tor, Non-Tor, or whatever state the browser shut down in.

+    </p></li>

+      <li>On crash recovery or session restored startup, restore via: Tor, Non-Tor<p> 

+    

+      When Firefox crashes, the Tor state upon restart usually is completely

+      random, and depending on your choice for the above option, may load 

+      a bunch of tabs in the wrong state. This setting allows you to choose

+      which state the crashed session should always be restored in to.

+    </p></li>

+      <li>Prevent session store from saving Non-Tor/Tor-loaded tabs<p> 

+    

+      These two settings allow you to control what the Firefox Session Store

+      writes to disk. Since the session store state is used to automatically

+      load websites after a crash or upgrade, it is advisable not to allow

+      Tor tabs to be written to disk, or they may get loaded in Non-Tor

+      after a crash (or the reverse, depending upon the crash recovery setting, 

+      of course).

+    </p></li>

+      <li>Set user agent during Tor usage (crucial)<p> 

+    

+      User agent masking is done with the idea of making all Tor users appear

+    uniform. A recent Firefox 2.0.0.4 Windows build was chosen to mimic for this

+    string and supporting navigator.* properties, and this version will remain the

+    same for all TorButton versions until such time as specific incompatibility

+    issues are demonstrated. Uniformity of this value is obviously very important

+    to anonymity. Note that for this option to have full effectiveness, the user

+    must also allow Hook Dangerous Javascript ensure that the navigator.*

+    properties are reset correctly.  The browser does not set some of them via the

+    exposed user agent override preferences.

+    </p></li>

+      <li>Spoof US English Browser<p> 

+    

+    This option causes Firefox to send http headers as if it were an English

+    browser. Useful for internationalized users.

+    </p></li>

+      <li>Don't send referrer during Tor Usage<p> 

+    

+    This option disables the referrer header, preventing sites from determining

+    where you came from to visit them. This can break some sites, however. <a

+    href="http://www.digg.com">Digg</a> in particular seemed to be broken by this.

+    A more streamlined, less intrusive version of this option should be available

+    eventually. In the meantime, <a

+    href="https://addons.mozilla.org/firefox/addon/953">RefControl</a> can

+    provide this functionality via a default option of <b>Forge</b>.

+    </p></li>

+    </ul>

+  </div>

+  <!-- END MAINCOL -->

+  <div id = "sidecol">

+#include "side.wmi"

+#include "info.wmi"

+  </div>

+  <!-- END SIDECOL -->

+</div>

+<!-- END CONTENT -->

+#include <foot.wmi>