Elena Johnson, 13.05.2012 00:38: > 1) "TBB is modified so that JavaScript shouldn't hurt anonymity." > OK so I can safely allow JavaScript with my emails and be anonymous. > Confusing because NoScript says: > "Allow scripts globally (dangerous)."
NoScript has a different goal, then Tor and therefore the TBB. While NoScript aims to prevent malicious scripts from running by disallowing scripts globally and only whitelist trusted sources; Tor aims to give you control over your privacy/anonymity. TBB users share a set of anonymity because they "look" similar. Some sites require JavaScript to work, so it's expected that TBB users would allow it. That's bad for their anonymity as an exit can distinguish users that allow JS on particular site and those who don't. An attacker that wants to track users that use TBB can set up a site and load JavaScript from various resources, to see which users allow and disallow a combination of them. That's the case for all filtering addons. Also NoScript doesn't seem to be easily understood by non-technical users. TBB should work out-of-the-box to be usable by anyone. NoScript is still useful even when it's set to allow scripts globally. So long story short NoScript: Prevent an attacker from running JavaScript. TBB: Make it possible to browse the web anonymously. > 2) "The TorBrowserBundle (TBB) should allow scripting by default" > Confusing because when I log into Tor using TBB the NoScript icon has a red > slash through it. [...] I haven't seen that you respond the Andrew's question so I just repeat it here. Which version of TBB do you have? (Andrew's question) Also what platform are you on? (me) Regards, bastik_tor _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
