Re: Confusion about TorButton, Noscript, etc.

["Marco Bonetti" <marco.bonetti@xxxxxxxxxxxx>]

On Mon, August 18, 2008 09:32, anonym wrote:
> So, you should _not_ use them together. That's a shame, though.
This is something I was thinking about for some times now, thanks someone
has bring it back up to my attention :)
I completely agree with anonym: it's a shame. However I prefer having both
of them installed as NoScript is wonderful for off-tor browsing and
TorButton is great for in-tor one.
But, as reported in the faq and in this thread, allowing a site via
NoScript can expose the user to javascript injection by rogue exit nodes.

So, a brainstorming of possible solutions:
1) use different profiles, one with NoScript for off-tor browsing and one
with TorButton for in-tor. probably the best one but, you know, it's
always nice to have an "all-in-one" solution
2) ask Maone to include a "Block Scripts Globally" option which will block
everything nevertheless, it should be fine to block everything on the
NoScript side and then fire up TorButton. This feature should work as a
dual of the already present "Allow Scripts Globally (dangerous)"
3) ask both Maone and Perry to work on a way to exchange information
between the two extensions. I don't even know if such a feature is
possible (I'm brainstorming afterall! :-P ) within the mozilla framework
but it would be nice if, once enabled, the TorButton extension will ask
NoScript to temporary block everything

What do you think? (maybe we should also invite Maone on this topic)

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My webstuff: http://sidbox.homelinux.org/

My GnuPG key id: 0x86A91047