undefined | Better HN

0 pointswtallis11y ago0 comments

Why do you say that? According to the Tor Project FAQ for their browser bundle, they leave JavaScript enabled. The only problem they mention is that selectively allowing scripts via NoScript permissions leaks information, so it's an all-or-nothing decision with regards to third-party scripts for any given site and they choose to make the default the one that breaks fewer sites. (And really, you're still free to block scripts from any third-party site that has an effective surrogate script bundled with NoScript.)

0 comments

ChrisAntaki11y ago

Tor has been exploited in the past in ways which only affected those who kept JavaScript enabled [1]. I actually love JavaScript, and the doors it can open for trustworthy developers, but I don't think a deep cover journalist or whistleblower should be browsing with it.

[1] https://blog.torproject.org/blog/tor-security-advisory-old-t...

wtallisOP11y ago

So, that's not Tor being exploited, that's just a Firefox bug that was used to get at Tor users because they're more interesting targets. It wasn't a case of JavaScript making Tor less private or less secure except in that it was JavaScript making everything less private and secure, and Tor doesn't protect you from that because Tor isn't a security tool.

ChrisAntaki11y ago

Right, the Tor browser bundle was exploited. The context of this thread is browser usage of Tor.

j / k navigate · click thread line to collapse

0 pointswtallis11y ago0 comments

0 comments

ChrisAntaki11y ago

[1] https://blog.torproject.org/blog/tor-security-advisory-old-t...

wtallisOP11y ago

ChrisAntaki11y ago

Right, the Tor browser bundle was exploited. The context of this thread is browser usage of Tor.

j / k navigate · click thread line to collapse