On 01/30/2014 04:11 AM, Sukhoi wrote:
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
Thanks for the link. I can understand the reason to keep noscript
enabled by default, but most of the users are not aware about the risks
associated with javascript and even many experts underestimate it; most
of the tracking/spying tools are javascript based.
Tracking is not so much an issue in Tor Browser, as by design, you can
request a new session ("New Identity"), and also you're not tracked
between browser sessions.
If you're worried about being tracked within one session, well, then
Javascript is only one of the many things you would have to worry about.
In scope of Tor Browser is fingerprinting /across/ sessions. Which is
why Tor Browser disables or fakes certain values (like installed fonts
etc), to make fingerprinting and thus tracking /across/ sessions harder.
Anti-fingerprinting patches are the main reason why you should not use a
regular Firefox, but always Tor Browser.
https://www.torproject.org/projects/torbrowser/design/
Tor Browser's design goal is that it should not leak any more
fingerprintable information with Javascript enabled than with Javascript
disabled.
I can understand the intention on not frustrate many users, but is not
TOR a tool intended to, primarily, provide security and anonymity,
instead convenience?
Tor Browser already sacrifices much 'convenience' (usability). Many
users want Flash, Java, and other plugins. It is really only a matter of
defaults, since it takes only a few clicks to disable Javascript if you
really don't want it. I agree, people with enough knowledge to
understand what breaks when you disable Javascript (and that is A LOT
these days), especially subtle things like a button not working etc.,
should disable Javascript. For regular users, it is just not obvious
when something on a website doesn't work -- it doesn't clearly tell you
that something is missing/disabled (compared to Flash, for example).
Personally, I have Javascript disabled in TBB. (and in my non-Tor
browser if I need it) I don't mind quickly changing the default with
every TBB update.