A little birdie named Mental Outlaw whispered into my ear that the Tor Project has failed to fix BGP routing problems, issues with the NoScript settings, and the static user agent.

First of all, BGP routing problems don’t just affect Tor. They affect all kinds of network architecture like VPNs and certificate authorities. While I don’t have a complete understanding, the attacks presented by Princeton University’s team against Tor are not unique. A similar attack was documented by Certik against the crypto exchange KLAYswap. By that point, this seems out of scope of Tor when all of us could be hit.

Second, I’m not familiar with the specifics of what NoScript is doing, but the team has expressed that they need more data for building more up-to-date NoScript profiles. Seeing as I’m one of the only people on the planet who uses uBlock Origin advanced mode, I don’t know what the expectation is here nor what should be blocked in each mode except Default. The Tor security settings made sense back when NoScript was the only game in town, but there are plans integrating uBlock Origin into Tor and it’s going to take some time.

Third, on the Tor Browser no longer changing the user agent to Windows, user agents have long been broken. I constantly get questions on old videos and I’ll say it here, stop using user agent switchers. As long as you know what user agent you want (e.g. Chrome on Mac), you can use the responsive design mode in Firefox or “Inspect Element” in Chromium to change it. This feature exists for people who are web designers or app makers to test compatibility and responsiveness of their sites or apps.

Changing your user agent can fool certain scripts, but other scripts easily bypass it using fonts/CSS detection and find some way to detect your true operating system. Since Apple created Apple Silicon, the Tor Browser has reported the accurate “Firefox ESR on Mac” user agent because they mostly still are the only ARM users of the Tor Browser. When you think about it this way, it makes changing your user agent detrimental to your privacy because only weirdos and web devs change their user agent.

Fourth and finally, maybe consider not trusting sources that only show their sources in screenshots and make me go down rabbit holes online and yank things out of my brain. He clearly doesn’t know anything about Fair Use when he watched Reddit videos in a livestream with no meaningful commentary, previously claimed Proton is a honeypot without provided substantial proof, stole thumbnails from other YouTubers to use in videos, or complained about politics/open source rather than helping people or fixing problems. I hope one day the feds would pay me the money some people will likely accuse me of making. Maybe consider not getting your news from YouTubers, including me, especially when they use awful sources like Linuxiac, the Register, Tech Radar, Reddit, and X (formerly Twitter). This kind of critical thinking is taught in school to fifth graders or students in primary school.

Oh and happy Saturday to you all. I realized Meta Connect is this Wednesday, so I’ve had to slow down video production until it’s over. Shorts will be out for the last 4 tech events I’ve watched over the last 2 months, commentaries are out for Patrons/YouTube members, and the groundwork for 2 videos have been laid out, including one about the mythical Windows 12.