[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] FBI cracked Tor security



On 15 July 2016 at 00:07, krishna e bera <keb@xxxxxxxxxxxxxx> wrote:
>> Should add that users with NoScript enabled would not have been
>> vulnerable - I get the "noscript decreases privacy" argument, but I'd
>> still kinda like it to be on by default to protect users. Maybe with a
>> big red "Turn on Javascript because I'm happy to get pwned by
>> malicious ads, FBI malware, and miscellaneous trackers" button :)
>
>>>> There are frequently vulnerabilities in hosting services - content
>>>> platforms, web forums, third-party Javascript libraries, file uploads,
>>>> management interfaces...many sites, darkweb or not, have much broader
>>>> attack surfaces than their owners understand.
>
>
> What do you think about these recommendations for onion sites:

Well, it doesn't really matter what I think :) There have been
discussions, and as I understand it in most cases there are two
issues: privacy tradeoffs in blocking third party content (doing so
makes your browser more identifiable), and breaking the web enough
that users will just downgrade their settings thereby making
themselves insecure and again degrading their privacy in the same
way..

Me, I block scripts in TBB because I weigh security a bit higher than
privacy, and it's nice that it's relatively easy to do so, but I would
like it to be signposted or explained a bit more clearly.


> Client-side:
> For months i have been suggesting to friends and clients, who are
> regular (non-Tor) users, to install Ublock Origin.

Very good choice, though possibly  too complicated for average users
(but then, so is maintaining a NoScript whitelist).

-J
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk