Preventing IP Address Leaks with the NoScript Firefox Extension
The Problem
Though Web extras like Java, JavaScript, and Flash are useful (and even required on some sites), but their utility is a double-edged sword. This is because these technologies make it possible for curious or malicious admins to discover what your true IP address is- even if you're using an anonymizer like Tor! Fortunately, there is a way to resolve this problem if you use recent versions (v.1.0+) of the Firefox web browser.
The Solution: NoScript
The simplest (and by far the easiest) way to prevent Java, etc. security problems is to disable these functions entirely via the Options/Web Features menu in Firefox. However, this measure puts you at a disadvantage when trying to view trusted websites that utilize these features. What if there was a way to enable/disable this on a per-site or per-session basis? The browser does not support this ability natively, but you can get this functionality with the help of NoScript, an add-on or "extension" for Firefox. With NoScript, you will be able to disable potentially insecure features by default for all websites. If you choose to trust a site, you can then enable Java/JS functionality.
NoScript Usage
After installing the extension and restarting your browser, you will see a little "Crossed-out 'S'" icon in the bottom right area of the browser window. This is the NoScript status icon, which shows you whether a site's scripts/plug-ins are blocked or not. Clicking it will reveal a small list of program functions.
At first glance, you should see a number of self-explanatory options, namely those related to partially or completely blocking dangerous code for the website you're currently viewing. By default, all websites will have their scripts blocked. If there is an important site feature that is not working (for example a pop-up you actually WANT to see), try partially allowing the site. This will enable most content, and will still filter out the most dangerous elements, if they exist. As a last resort, try fully enabling the site temporarily. Finally, if you completely trust the website in question, you can add it to your perminant allow list.
NoScript Options
As a final note, there are a few options that may be of importance. In it's default setup, this extension shows a small "status window" at the bottom of your browser window every time it blocks content. In general, this is good at first, when you're getting a feel of how the utility operates. However, after a while, this becomes annoying. To disable this status message, go to NoScript's Options menu and click the Appearance tab. Simply uncheck the "Show message about blocked scripts" box and you'll never see it again.
On the Advanced tab of the Options menu, you will find some controls to determine what kind of content is allowed in your browser. I recommend allowing rich text copy for trusted sites and disabling Java and Flash for untrusted sites. As you may notice, there is also an option to forbid ALL other plugins. Personally, I recommend disabling only Java and Flash right now.
Screenshots
The following page has some screenshots of the extension, in case you're the visual learner type: http://www.noscript.net/screenshots .