opknovo.blogg.se - Tor broswer javascript.options.ion.content

We might even want to combine positions 1+2.

Position 3: All scripts and media are disabled (Most secure) Ideally, a text-oriented site can enforce a scripting ban at the content.

There is bigger risk for other types of exploits then what this link could do. JavaScript becomes a risk (has been) when a third party uses it to exploit the tor browser, so that means that pinterest has to push a exploit to you, and thats extremely unlikely.

Position 2: HTML5 media and fonts click-to-play/disabled The risk for using a link like that for that service is not something i would worry about.

Position 1: Javascript is disabled for all non-https URLS.

Position 0: Current TBB defaults (Most usable).

We want to minimize the number of positions on this slider to avoid fingerprinting, but a small number of slider positions (3-4) that set several settings underneath shouldn't be too bad: Roger suggested a possible way forward is to create a Security Slider on the Tor Launcher first launch page and the Torbutton settings that allows people to trade off between "Most Usable" on one end, and "Most Secure" on the other end. This might not be enough for people who start TBB with incorrect assumptions/word-of-mouth rumors about its defaults. We leave it enabled for usability reasons, but ship with NoScript in the toolbar to make it easy to disable.

A large number of our users seem to be confused about the state of JavaScript in TBB.