[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] 2 questions on HTTPS Everywhere settings

To: Tor-Talk <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] 2 questions on HTTPS Everywhere settings
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Sat, 07 Jan 2012 12:07:26 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 07 Jan 2012 13:08:09 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0

What are others' opinions of these setting in NoScript in TBB (latestTBB 2.2.35-4)?

1) In Options > HTTPS>Behavior, the "forbid active web content unlesscomes from an HTTPS connection. Default is "never," but there is achoice of "when using proxy (recommended w/ Tor)."

What are some lesser known issues of keeping the Never default setting?

What ALL active web content is it allowing by default setting of "Never"forbid?What are some of *desirable* sites or content that could break if set itto "when using a proxy" ? That could vary depending on a user'sgeographical location.

2) Under "General" tab, default is "scripts globally allowed". Isuppose Tor devs chose to leave this as default, as many sites won'twork well w/o JS.But, to allow scripts globally - in an anonymity software like Tor? Nomention, AFAIK, in Tor documentation of what things users shouldconsider about various settings in NoScript.

NoScript has many other security functions besides allowing /disallowing scripts, that most users know little about.

Yes, you can white list sites you want to allow, then disable "allowglobally," but you'd better back that list up regularly because offrequent TBB releases & any NoScript updates.


Thanks.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Anonymity & HTTPS Everywhere Observatory
Next by Author: Re: [tor-talk] Google as default search engine revisited
Previous by thread: Re: [tor-talk] Anonymity & HTTPS Everywhere Observatory
Next by thread: [tor-talk] A question about Tor & Hidden Services
Index(es):
- Author
- Thread