Thread replies: 66
Thread images: 6
Thread images: 6
File: tor-logo.jpg (4KB, 150x101px) Image search:
[Google]
4KB, 150x101px
A lot of people on TOR cry about js based onion sites. Can anyone show solid proof that JS will expose you?
If you are making a claim, you must be able to start an onion site and expose anyone who goes on it, if you can't and still shitposting, stfu and leave this board, you don't belong here.
>>
>>62013777
https://browserleaks.com/javascript
>>
>solid proof
JS is a class of fucking attacks
This is like asking for proof that cars are dangerous
>>
>>62013777
> wonders why even non tor browsers warn against Javascript
> wants proof
>>
>>62013777
https://ipleak.net/
>>
There are some nasty things JS can do
>JS can get list of your fonts
mostly one in 10000
>HTML5 canvas fingerprint
one in 500000
>WebGL canvas fingerprint
one in 200000
>JS can scan your local network
>JS can identify your OS and architecture even when spoofed (with certain math operations)
However Tor Browser turns off many of these by default even for the lowest security setting. Many attacks against Tor were in times where there was no tor browser, through plugin system or weird behaviours like auto-opening pdf or other formats.
Beside facebook I haven't heard of any other website doing shit like fingerprinting your mouse movement, typing and how you browse the website in general. This might be just paranoia, but still JS-based.
Overall Tor is slow, bad JS can make website big and slow. The website keeps it light and mostly works with JS turned off, then why not.
>>
>>62014086
really no other useful information than system time
>>62014195
ran it in my tor, not even in tails and it doesn't show jack shit.
>>62014105
>JS is a class of fucking attacks
js is the language of the browser engine.
it's like calling an exploit in a C language a C class of attacks. Just gtfo
>>62014275
THIS. Could not have said it better myself. Someone please pin this. Only exploits were browser exploits, had nothing to do with JS. Or if you were stupid enough to download lets say a docx file that had remote content.
Browsers nowdays are very secure. I would actually like to see a Chromium based TOR browser (https://www.chromium.org/Home) .
>>
>>62015626
Of course there's nothing to do with JS, but you shouldn't enable it if you don't want to be fingerprinted while using TOR.
>>
>>62013777
Better safe than sorry. You need to prove it doesn't expose you, not the other way around.
>>
>>62013777
It has happened with people using outdated tor browsers.
However, you're fine if you use a virtual machine like Whonix. Whonix is so fucking easy to setup that there is no reason not to use it.
>>
>>62015754
Depends on what you browse over TOR. sometimes you might not care about being fingerprinted (they can only link the places you visited where they have fingerprinting in place to a single user), only care that your location stays anonymous.
>>
>>62015797
actually it is the other way around. Needs to be proven that it isn't safe. That's how everything works. All software is safe unless it has a loophole. By your logic, TOR/Tails and everything else isn't safe because it is not really possible to proof 100% they are, since they could still have bugs that are not found.
>>
>>62015835
I prefer tails to Whonix.
>>
File: tor_levels.png (450KB, 1024x768px) Image search:
[Google]
450KB, 1024x768px
>>
https://www.digitaltrends.com/web/javascript-malware-mobile/
>>
>>62016543
pic makes no sense
>>
>he doesnt understand how a non audited binary script could be dangerous
back to the drawing board OP
>>
Why is JS even standard now for websites? Why does every website need fucking JavaScript to display information.
What happened to HTML+CSS and (maybe PHP when necessary) ?
>>
File: unknown-2.png (288KB, 1200x872px) Image search:
[Google]
288KB, 1200x872px
>>
>>62016505
>All software is safe unless it has a loophole
Not when you're doing shady shit on the deepweb
>By your logic, TOR/Tails and everything else isn't safe
My point exactly. If it was, you wouldn't see hidden services repeatedly shutdown by the FBI and their owners arrested.
You can take steps to reduce your risk but never for a moment assume TOR or any privacy protecting software is 'safe'
>>
>>62014275
OH NO NOT MY FONTS, HOW WILL I EVER RECOVER WHEN MY FONTS GET EXPOSED TO ALL THE WORLD.
>>
>>62017034
>Thinking it's about the fonts
Meta Fail
>>
>>62015626
>Someone please pin this.
go back to r*dd*t
>>
>>62013777
who need JS ?
>>
>>62016607
> blaming that on js
they are just brute forcing your router. don't put admin:password123 as your password and you'll be fine. i.e. don't be a fucking moron.
>>
>>62016706
> not audited binary script
> relevant to js
did you even read?
>>62016841
html+css only sucks. and PHP is the worst language I have ever came across in my entire life. I rather write assembly code than PHP. It's fucking cancer.
>>
>>62016923
> that pic
by that logic shut down all roads do not let anyone outside. That will reduce crime.
>>
>>62017263
my bad gotten used to discord too much
>>
>>62016923
Actually it is useful when you live under a dictatorship or you're a journalist in an oppressive country. So that pic is just omitting the good purposes Tor can be used for.
>>
>>62013777
>TOR
It's Tor you mong
>>
Everyone concerned with OPSec at any level really should operate on, as Schneier calls it, the conspiracy model
Nothing is safe and everyone is out to get you, you can't assume things for your own convenience
On a general basis though, I doubt that your average person would actually need to worry about that
I just block (some) JS that is completely useless to a site, eg doubleclick.net and the like
Also some that is necessary to the site, if the site itself is bloat incarnate (CNN.com)
>>
>>62017667
The Onion Router i.e. TOR. just cause Tor is easier to write doesn't make it true you abomination of humanity.
>>
>>62015626
Tor has to have time be perfectly synchronized. This means local time can be used in pinpointing user location. UTC or bust.
>>
>>62017503
>brute forcing
>default password
Choose one
>>
>>62016543
>people still don't know the difference between LARP and RP
or is this some new dank meme I missed while I was away
>>
>>62017565
>using the web 2.0 botnet
>>
>>62017845
can be used to pinpoint user's country. That's it.
>>
>>62017952
not using the best voice chat app I have ever come across for vidya. or maybe you have no friends to talk to
>>
>>62018011
Enjoy your Facebook Messenger Gaymen Edition
>>
>>62017756
No one who knows what they're talking about spells it that way.
>>
File: 1443887509338.jpg (72KB, 752x816px) Image search:
[Google]
72KB, 752x816px
At first I thought op was a troll but damn nobody can seem to dispute him. I guess JavaScript isn't that bad after all. It was just a boogeyman meme.
>>
>>62013777
You idiot, it takes a vulnerability to expose you, not the use of JS. Otherwise it would have been off by default. The vulnerability could be inside JS engine or in other areas in the browser. JS could make exploiting those other vulnerabilities possible or easier (at least that was the case before).
>>
im sure someone will drop an 0day just to prove you wrong, OP, faggot
>>
>>62017023
It's Tor, and Tor wont stop you from having bad opsec or being an idiot, which is the #1 reason hidden services get shut down
>>
>>62013777
>Can anyone show solid proof that JS will expose you?
Do you know what JS is?
>>
>>62018000
Lel. Sure if you are a eurofag. Plenty of countries span more than one time zone. Even then it can be used to find the closest NTP server.
>>
>>62013777
It does not need to be full exposure. It only need to track you even partially in order for a sane person to disable it.
Moreover most browser security issues are related to JS so this is a good reason by itself to disable it.
Anyhow, with js you can track the movements that one does with the mouse, tab focus, clicks, and many other things.
>>
>>62015626
>Someone please pin this
???
>Chromium
Why? It's shit with a lot of tabs.
Also, why would you link it? Everyone here knows about it.
>>
>>62016543
She was one of the people that were shitting on djb and were against appelbaum.
>>
>>62016505
>Needs to be proven that it isn't safe. That's how everything works.
lie.
easily demonstrated lie, at that.
>>
>>62013777
it's a security vector that's been exploited many times. The fact that they leave it enabled by default should tell you alot about them.
>>
>>62016923
kys
>>
>>62018225
Well, what are you waiting for? Go ahead and enable it while browsing sketchy .onion sites.
I'll see your news article on the DailyMail in approximately 2 months. Enjoy.
>>
>>62018225
does my palm smell like strawberries to you?
>>
>>62014275
most attacks on tor were done by idiots that logged in in sites like facebook and twitter. Just leave a honeypot server as an exit node open and you will get results. The thing is that social media idiots are not using always tor, so even with a warrant to an ISP or facebook you can cross reference IPs and identities
>>
the freedom hosting takedown proved that js is insecure
if any of you retards stopped shitposting long enough to read one article then you would know this. a thread died just so someone could make a fool of himself
>>
>>62020112
> duur huur, what is penetration testing
> oh we try to break things to prove they are 100% they are safe
are you dumb? just kill self. you can never prove anything non mathematical is 100% unbreakable.
>>
>>62020182
been doing that for years and still out of the papers. only idiots who don't actually know the issue disable it to pretend they are safe. the most common attacks on deanonymising doesn't even involve JS!
>>
>>62020298
Pretty dumb statement to counter his proposition cause you have all the tools available to you to provide a claim.
>>
File: IDIOTS.jpg (22KB, 565x112px) Image search:
[Google]
22KB, 565x112px
>>62021527
> being this retarded
Only users who did update were affected!
>>
>>62021902
(you)
shit thread op
>>
File: 1502816046023.jpg (21KB, 294x338px) Image search:
[Google]
21KB, 294x338px
>>62013777
>>62017866
>>62018000
>>62018011
>>62020133
Checked
>>
>>62013777
Why do people keep referring to TOR as a browser?
>>
>>62016923
> Yeah I'm aware that stop selling alchool would significantly decrease death by car crashes.
> Yeah I'm aware than stop selling knifes would significantly decrease death by stab.
> Yeah I'm aware that stop allowing weapons would significantly decrease homicides.
> Yeah I'm aware than stop selling cars would significantly decrease car crashes.
>>
>>62022087
Tor and Tor Browser are separate things.
Tor Browser is a fork of Firefox, that uses the Tor network by default, and which also has a great number of privacy changes.
Tor Browser is the recommended way to use Tor, and if you use Tor through a different network you may be compromising yourself by making yourself more trackable.
>>
>>62021902
were not affected*
Thread posts: 66
Thread images: 6
Thread images: 6