Monday, June 15, 2009

Responsibly using SecureSessions

There are a few tools that make Tor (SecureSessions) more effective.

Because Tor has no clue what data is flowing through its circuits, using Tor without Privoxy is nearly pointless in terms of improving security while browsing online resources. Privoxy is very good at filtering out many of the outbound privacy leaks that allow tracking of your identity, online activity & interests. Why should you have to explain to anyone your fascination with underwater acoustic detonators? Privoxy is highly configurable, but unfortunately, unless you have a scripting background, it's a little daunting to customize. However, the NoScript add-on is an important tool in that it allows you to halt the execution of all JavaScript, then pick and choose which scripts you'd like to allow to run. It also allows you to review the list of domains the scripts are being served from, allowing you to avoid JavaScript injection attacks and other web surfing dangers.

Using insecure protocols through Tor is another consideration that one must make. For instance, browsing websites is a risk that users will have to weigh for themselves. Using insecure authentication or messaging protocols through Tor is just plain stupid. Regardless of where you are in the world, if anyone is capturing traffic between the exit relay and your destination, they will get your creds if you authenticate through an insecure protocol. If someone cracks into the server on which you insecurely authenticate, they will have your creds. If someone is running an exit relay and capturing traffic that goes in and out of that relay, and you access an account via an insecure authentication protocol, they will have your creds.

Is the message clear now? ha ha, just kidding.
Do not use unencrypted protocols through Tor.
Use NoScript.
Never use Tor without Privoxy. Period.
Never, ever, ever (EVER) use Internet Explorer for public web surfing.
Always use the latest version of Firefox or Opera.
Use a separate Firefox profile when using Tor.
Set that profile to clean out everything when your session ends and begins, by checking the "Always clear my private data when I close Firefox" checkbox. Disable all cookies.
Force DNS requests into Tor: in Firefox's about:config, set network.proxy.socks_remote_dns to "True".
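
One way to verify the profile settings from the checklist above, as an added example that is not part of the original post: a Python check that reads a Firefox profile's prefs.js and reports which settings are missing. The sample prefs.js content is constructed, and mapping "Disable all cookies" to network.cookie.cookieBehavior = 2 and the clear-private-data checkbox to privacy.sanitize.sanitizeOnShutdown is this example's assumption.

```python
import re

# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", false);
user_pref("network.cookie.cookieBehavior", 0);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref("name", value); line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

# (pref name, wanted value, what goes wrong otherwise)
CHECKS = [
    ("network.proxy.socks_remote_dns", True,
     "hostnames are resolved locally, outside the Tor circuit"),
    ("network.cookie.cookieBehavior", 2,          # assumed mapping: 2 = block all
     "cookies are not fully disabled"),
    ("privacy.sanitize.sanitizeOnShutdown", True,  # assumed mapping
     "private data is not cleared when Firefox closes"),
]

def audit(text):
    """Return a list of (pref, current value, problem) for failed checks."""
    prefs = parse_prefs(text)
    findings = []
    for name, wanted, problem in CHECKS:
        current = prefs.get(name)  # None: not in prefs.js, treated here as not set
        if current != wanted:
            findings.append((name, current, problem))
    return findings

for name, current, problem in audit(SAMPLE_PREFS):
    print(f"{name} = {current!r}: {problem}")
```

Run it against the prefs.js of the dedicated Tor profile while Firefox is closed, since Firefox rewrites that file on exit.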

Read this posting.

Use a webproxy, like Privoxy.
Use NoScript.
Use Flashblock.
Be Security-Minded.
If you're not sure, DON'T CLICK ON IT!
