On 7/26/2014 10:13 PM, Moritz Bartl wrote:
My unprofessional reaction is, there's some discussion on this, but no scientific data / explanation why one way is the least worst.On 07/26/2014 09:26 PM, Joe Btfsplk wrote:So, is it, "damned if I do, damned if I don't?"Basically, yes. A lot of users including me can cope with only selectively enabling Javascript, but I would strongly argue against making that the default. It is just too hard to understand for 'casual users' all the subtle ways disabled Javascript can break websites. I personally can live with 'losing some of my anonymity' due to the custom use of Javascript, but you must be well aware indeed.
Getting to that point may be difficult, but as is, seems Tor Project raises numerous questions but provides no real answers.
We have a product "to protect your anonymity." "Oh, by the way... using JS may compromise it, and not using it may compromise it (because it's enabled by default), and using it intermittently may compromise it."OK, that clears it up. Even for fairly advanced users, that's not much help. There seem to be very strict Tor / TBB design rules, down to the tiniest detail.
Then, the issue of java script is pretty much left wide open. Many ignore it, like the elephant in the room.Since a chain (or security / anonymity method) is only as strong as its weakest link, where does that leave TBB, considering the range of views & facts about java script?
Sometimes, seems this little detail (that might break the entire chain) is simply glossed over. It's a tough subject, so we just won't dwell on it. Obviously, Tor Project decided to leave it enabled. But there's ongoing discussion about limiting exposure due to js.
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk