ICMag, SB and Javascript

I searched but could not find anything on this.

As much as everyone speaks about security and anonymity here, I am somewhat shocked that no one has posted about the use of Javascript within these sites and how it can circumvent the security posters have taken. Javascript can make calls that bypass proxy services and reveal your true IP. I realize that the operators here have made it known that all IPs are stored only momentarily during login, but what about SB? I ask, because in order to change currencies you have to have Javascript enabled. I see that alone as an overlooked security flaw for the aforementioned reason. I have not attempted to order online, but what about the order process and what happens to sensitive data once the transaction is complete and the session terminated?
 
oldpink said:
perhaps you should check your facts

Care to enlighten me then? If it isn't an issue, then tell me why.

I use TOR and have read specifically that Javascript calls can return your real IP address.
 
ballast

Member
Java can do what you are describing, but Javascript on a trustworthy site is little to worry about. the Tor docs cover this concern. if you are using Firefox you might want to get the NoScript extension, very handy for whitelisting which sites to allow javascript on. hope it helps.
 
ballast said:
Java can do what you are describing, but Javascript on a trustworthy site is little to worry about. the Tor docs cover this concern. if you are using Firefox you might want to get the NoScript extension, very handy for whitelisting which sites to allow javascript on. hope it helps.

I do use NoScript as FF is the only browser I would use to hit "questionable" sites. However, as I stated, this site and SeedBoo require JS for certain functions (like accessing user settings, or changing currencies).

After what happened with OG (I was away when it all went down), I am more cautious than ever. TOR has proven to solve half the issue, JS was the other. You have at least laid my concerns with these two particular sites to rest as I have heard pretty much nothing but good over the years about GN and the way he runs his business. I am assuming Sbay is kosher as well?

Thanks, ballast.
 

ballast

Member
yeah TheGreenMachine, Sbay excellent too from all i've heard. had the same sorts of questions when i registered here, after a while you learn what's what. check the security forum, lotsa good stuff in there.

the thing about javascript is the source code is viewable in the browser, so if there were anything funny going on here we'd hear about it.

grow safe
 
oldpink

Un - Retired,
Administrator
Veteran
the thing about javascript is the source code is viewable in the browser, so if there were anything funny going on here we'd hear about it

also it depends on what settings you have in your browser or what browser you use
personally I always recommend firefox if you're worried, set to max security
 

ballast

Member
oldpink said:
also it depends on what settings you have in your browser or what browser you use
personally I always recommend firefox if you're worried, set to max security

Open-source Firefox all the way man, no telling what secret backdoors the proprietary browsers might have nowadays. switching from IE was quite painless.
 

KingRalph

Active member
the servers sb n icmag are on are in a'dam, and the java n javascripting is all either client side (you) or server-side on their own servers, there are no third party extensions running making connections... java circumvents your tor+privoxy because your own security settings are wrong... you need to route java traffic through socks 5 proxy to tor with 127.0.0.1 port 9050

ya need to know things before you sling paranoid accusations, chill out and get your own things in check if you're worried

 
KingRalph said:
the servers sb n icmag are on are in a'dam, and the java n javascripting is all either client side (you) or server-side on their own servers, there are no third party extensions running making connections... java circumvents your tor+privoxy because your own security settings are wrong... you need to route java traffic through socks 5 proxy to tor with 127.0.0.1 port 9050

ya need to know things before you sling paranoid accusations, chill out and get your own things in check if you're worried

I was in no way accusing this site, SeedBoo, or its operators of anything sketchy. I think you should read my post over again.

I was asking a very valid question that appeared to never have been asked via a search of the boards. I know of GN's rep, so I assumed all was safe. All I wanted was a clear-cut answer, which you and ballast have managed to provide - thank you. My settings are set appropriately according to the TOR/Vidalia instructions. I did not know that JS calls were routed through socks 5, or I would have never asked the question to begin with. I just recalled reading about the fact that JS can be used to bypass such settings, so I wanted to confirm said info with the good folks of this board.
 

KingRalph

Active member
yeah java works on its own outside of your browser, so you have to specifically route it through socks 5 proxy to TOR for it to be secure. no worries. maybe see ya in there after ya post around a bit more. peace
 