[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains

Subject: Re: [tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 19 Nov 2015 20:59:40 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Nov 2015 15:59:54 -0500
In-reply-to: <044.69ee326dff4df23908e7ad71c4ac278f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.69ee326dff4df23908e7ad71c4ac278f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17637: NoScript in Tor-Browser allows all third party domains
----------------------------------+----------------------------
 Reporter:  ctbu                  |          Owner:  tbb-team
     Type:  defect                |         Status:  closed
 Priority:  Medium                |      Milestone:
Component:  Tor Browser           |        Version:
 Severity:  Normal                |     Resolution:  worksforme
 Keywords:  Tor-Browser NoScript  |  Actual Points:
Parent ID:                        |         Points:
  Sponsor:                        |
----------------------------------+----------------------------
Changes (by ctbu):

 * status:  needs_information => closed
 * resolution:   => worksforme


Comment:

 After going through all the options I finally found the setting to correct
 this behavior.
 Under Options->Advanced->Trusted untick "Cascade top document's
 permissions to 3rd party scripts'.
 Now every subdomain can be allowed/disallowed individually. This should be
 the default behavior.
 This setting should not be checked by default out of convenience. The Tor
 Homepage encourages the user to not just trust on Tor to magically
 anonymize his traffic, but to actively read up on the material and change
 his browsing behavior. Therefore, the user should also engage himself in
 handling NoScript.

 PS:
 I also noticed that NoScript is initially deactivated in Tor-Browser.
 Maybe this should also be changed in upcoming releases.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17637#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17604 [Tor]: Try to use only one canonical connection
Next by Author: Re: [tor-bugs] #17488 [ExoneraTor]: ExoneraTor hangs forever on old known-positive test
Previous by thread: Re: [tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains
Next by thread: Re: [tor-bugs] #1136 [Tor]: When Tor is offline, it doesn't quite run out of relays, so doesn't realize it's offline
Index(es):
- Author
- Thread