[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Basic questions from new user but...

Elena Johnson, 13.05.2012 00:38:

> 1) "TBB is modified so that JavaScript shouldn't hurt anonymity."
> OK so I can safely allow JavaScript with my emails and be anonymous.
> Confusing because NoScript says:
>   "Allow scripts globally (dangerous)."

NoScript has a different goal, then Tor and therefore the TBB.

While NoScript aims to prevent malicious scripts from running by
disallowing scripts globally and only whitelist trusted sources; Tor
aims to give you control over your privacy/anonymity. TBB users share a
set of anonymity because they "look" similar.

Some sites require JavaScript to work, so it's expected that TBB users
would allow it. That's bad for their anonymity as an exit can
distinguish users that allow JS on particular site and those who don't.

An attacker that wants to track users that use TBB can set up a site and
load JavaScript from various resources, to see which users allow and
disallow a combination of them. That's the case for all filtering addons.

Also NoScript doesn't seem to be easily understood by non-technical
users. TBB should work out-of-the-box to be usable by anyone.

NoScript is still useful even when it's set to allow scripts globally.

So long story short

NoScript: Prevent an attacker from running JavaScript.
TBB: Make it possible to browse the web anonymously.

> 2) "The TorBrowserBundle (TBB) should allow scripting by default"
> Confusing because when I log into Tor using TBB the NoScript icon has a red slash through it. [...]

I haven't seen that you respond the Andrew's question so I just repeat
it here. Which version of TBB do you have? (Andrew's question) Also what
platform are you on? (me)


tor-talk mailing list