[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"
#9387: Tor Launcher/Torbutton should provide a "Security Slider"
-----------------------------------------------------+----------------------
Reporter: mikeperry | Owner: brade
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor Launcher | Version:
Keywords: tbb-usability, tbb-linkability, tbb-3.0 | Parent:
Points: | Actualpoints:
-----------------------------------------------------+----------------------
Comment(by arma):
Replying to [ticket:9387 mikeperry]:
> - Position 0: Current TBB defaults (Most usable)
> - Position 1: Javascript is disabled for all non-https URLS
If I'm worried about js as an attack vector, my worries aren't really
resolved by the website I'm going to getting an ssl cert from somewhere.
It helps with an attacker in the middle injecting js into http, sure, but
it doesn't help with similar cases like an attacker modifying http to make
me fetch some other resource over https and then run its javascript.
Are you imagining this as a usability improvement, rather than a security
thing? Or is there some further trick where we actually only run js from
an https website when it's the url in our url bar?
> - Position 2: HTML5 media and fonts click-to-play/disabled
If we can get the interface on this one right, it shouldn't be too much of
a usability impact, yes? If so I agree that we can/should do it on the
'more commonly chosen' end of the spectrum.
(What is a font click-to-play?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9387#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs