[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Also thank you for the info on the ARS Technica points.
I have noticed in looking at a few more secure email services that they
encryption, or the reverse, encryption provided but access only with Java
Script enabled. If you are aware of a service with both attributes it
would be interesting to check it out.
Thank you for your very clear explanation Roger, it was very helpful.
> On Tue, Feb 02, 2016 at 05:44:00AM -0800,
> BM-2cTPSBeTK5RpF8A9ymciUDMaX61KzvzJu6@xxxxxxxxxxxxx wrote:
>> I am sorry to ask such a basic question but I am confused by
>> whether I should have the Tor browser set to;
>> a. Temporary allow this page
>> b. Revoke Temporary Permissions
>> c. allow scripts globally
> It defaults to 'c', because otherwise many users would find websites
> broken and not understand what's going on:
>> Today I perhaps made the error of changing the setting to revoke
>> permissions, but after I did this an encrypted email website I just
>> After changing the setting to "Temporary allow this page" then I could
>> again access email in one encrypted email service. However now I can no
>> longer access another encrypted email service (an impressive one)which
>> been working perfectly for me for weeks.
>> So please inform me which setting I should be using. (Or alternatively
>> could delete the Tor browser and just install it again to see the
> It sounds like you've figured out how NoScript works. It is indeed a
> bit safer to leave JS disabled globally, and enable it site-by-site when
> you find that you need it. If you're comfortable doing it that way, go
> for it -- it will be a bit safer than leaving everything enabled.
> I say "a bit safer" because, while reducing surface area for complex
> that are complex too. This is an area with quite some controversy over
> vulnerabilities, and "they could have used other attacks" and "but they
> *did* use this attack" are both valid points. (If you want to be one of
> angrier at Cloudflare, this is a legitimate choice too.)
>> Also, I thought it would be helpful to forward some important
>> I just encountered today. Please read the ARS Technica article at the
>> link below. I found this by way of a Reddit thread.
> Yes, this is a known thing. It's one of the reasons Micah wrote
> up the best practices list for onion service operators:
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to