Torbutton
Author: n | 2025-04-25
Torbutton Tests.

detect-torbutton-chrome: a simple chrome check against an image to see if Torbutton has been installed. NOTE: Fixed as of Torbutton -alpha.

detect-torbutton-script: another chrome check but against a script file; also detects if Torbutton is enabled by examining state of window.__tb_hooks_ran.
*google* to go via Non-Tor will still cause you to end up in all the logs of all websites that use Google Analytics! See this question on the FoxyProxy FAQ for more information.

3. NoScript

Torbutton currently mitigates all known anonymity issues with Javascript. While it may be tempting to get better security by disabling Javascript for certain sites, you are far better off with an all-or-nothing approach. NoScript is exceedingly complicated, and has many subtleties that can surprise even advanced users. For example, addons.mozilla.org verifies extension integrity via Javascript over https, but downloads them in the clear. Not adding it to your whitelist effectively means you are pulling down unverified extensions. Worse still, using NoScript can actually disable protections that Torbutton itself provides via Javascript, yet still allow malicious exit nodes to compromise your anonymity via the default whitelist (which they can spoof to inject any script they want).

6. Which Firefox extensions do you recommend?

1. RefControl

Mentioned above, this extension allows more fine-grained referrer spoofing than Torbutton currently provides. It should break fewer sites than Torbutton's referrer spoofing option.

2. SafeCache

If you use Tor excessively, and rarely disable it, you probably want to install this extension to minimize the ability of sites to store long term identifiers in your cache. This extension applies same origin policy to the cache, so that elements are retrieved from the cache only if they are fetched from a document in the same origin domain as the cached element.

7. Are there any other issues I should be concerned about?

There is currently one known unfixed security issue with Torbutton: it is possible to unmask the javascript hooks that wrap the Date object to conceal your timezone in Firefox 2, and the timezone masking code does not work at all on Firefox 3.
Torbutton is a 1-click way for Firefox users to enable or disable the browser's use of Tor. It adds a panel to the statusbar that says "Tor Enabled" (in green) or "Tor Disabled" (in red). The user may click on the panel to toggle the status. If the user (or some other extension) changes the proxy settings, the change is automatically reflected in the statusbar.

Some users may prefer a toolbar button instead of a statusbar panel. Such a button is included, and one adds it to the toolbar by right-clicking on the desired toolbar, selecting "Customize...", and then dragging the Torbutton icon onto the toolbar. There is an option in the preferences to hide the statusbar panel (Tools->Extensions, select Torbutton, and click on Preferences).

Newer Firefoxes have the ability to send DNS resolves through the socks proxy, and Torbutton will make use of this feature if it is available in your version of Firefox.

FAQ

1. I can't click on links or hit reload after I toggle Tor! Why?

Due to Firefox Bug 409737, pages can still open popups and perform Javascript redirects and history access after Tor has been toggled. These popups and redirects can be blocked, but unfortunately they are indistinguishable from normal user interactions with the page (such as clicking on links, opening them in new tabs/windows, or using the history buttons), and so those are blocked as a side effect. Once that Firefox bug is fixed, this degree of isolation will become optional (for people who do not want to accidentally click on links and give away information via referrers). A workaround is to right click on the link, and open it in a new tab or window. The tab or window won't load automatically, but you can hit enter in the URL bar, and it will begin loading. Hitting enter in the URL bar will also reload the page.
2025-04-22

You allow history writing during Tor.

5. Which Firefox extensions should I avoid using?

This is a tough one. There are thousands of Firefox extensions: making a complete list of ones that are bad for anonymity is near impossible. However, here are a few examples that should get you started as to what sorts of behavior are dangerous.

1. StumbleUpon, et al

These extensions will send all sorts of information about the websites you visit to the StumbleUpon servers, and correlate this information with a unique identifier. This is obviously terrible for your anonymity. More generally, any sort of extension that requires registration, or even extensions that provide information about websites you visit should be suspect.

2. FoxyProxy

While FoxyProxy is a nice idea in theory, in practice it is impossible to configure securely for Tor usage without Torbutton. Like all vanilla third party proxy plugins, the main risks are plugin leakage and history disclosure, followed closely by cookie theft by exit nodes and tracking by adservers (see the Torbutton Adversary Model for more information). However, even with Torbutton installed in tandem and always enabled, it is still very difficult (though not impossible) to configure FoxyProxy securely. Since FoxyProxy's 'Patterns' mode only applies to specific URLs, and not to an entire tab, setting FoxyProxy to only send specific sites through Tor will still allow adservers to learn your real IP. Worse, if those sites use offsite logging services such as Google Analytics, you may still end up in their logs with your real IP. Malicious exit nodes can also cooperate with sites to inject images into pages that bypass your filters. Setting FoxyProxy to only send certain URLs via Non-Tor is much more viable, but be very careful with the filters you allow. For example, something as simple as allowing