Re: [tor-talk] UI/UX/security. Per-site security settings in Tor Browser?



Hi,

You may see the discussion about making it easier to switch between security
levels in Tor Browser: https://trac.torproject.org/projects/tor/ticket/21065

Best wishes,

1. Mar 2017 23:36 by jonathan.femideer@xxxxxxxxxxxxx:


> In Tor Browser 6.5, is there a way to choose per-site security settings?
>
> Ideally, from a security perspective, users would be able to use the "High" setting, and this would *just work* on all sites. (Onion > Security Settings > High.)
>
> However, some websites, and some webmail clients, are built in a way that requires the user to execute some JavaScript. For these websites and webmail clients, the only two options seem to be:
>
> 1. Change the browser security settings (Onion > Security Settings > Medium).
>
> 2. Click NoScript icon > "Temporarily allow all this page".
>
> These both have disadvantages. Respectively:
>
> 1. If the user subsequently opens a new tab to visit a different website, this will now only be at the Medium security setting instead of the High setting, even if this latter website would work fine with the High setting. So the user's security gets reduced on the new site, unnecessarily. Alternatively, if the user is keeping one or more tabs open for the first site, while using other tabs to browse other sites that are less trusted or don't require the Medium setting, then the user has to keep adjusting the browser security level each time they want to interact with the first site in one of those tabs. TL;DR: switching tabs shouldn't require changing security settings to make the contents of those tabs function.
>
> 2. "Temporarily allow all this page" seems to be less secure than the Medium security setting. A user might trust a website (or *need* to use it) just enough to be willing to reduce the security level to Medium in order to make it function, but no lower than that. "Temporarily allow all this page" seems to be more like reducing the security level for that site to Low.
>
> So, is there a way for the user to keep the security level at High for all sites except for a few specific sites, and to set the latter to Medium?
>
> N.B. I have not yet encountered any websites that require the security level to be set to Low, but perhaps such websites do exist. If so, then please consider my question to extend to allowing a per-site setting of Low for those websites.
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk