Project

General

Profile

Bug #10481

Disable JavaScript by default

Added by cypherpunks almost 4 years ago. Updated almost 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Tor configuration
Target version:
-
Start date:
11/04/2015
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Yes
Affected tool:
Browser

Description

JS dramatically increases the attack surface. It allows browser fingerprinting, user fingerprinting (behavioral biometrics) and exploitation of vulnerabilities in JS engine and API design. It must be disabled by default for all untrusted addresses: the ones from the Web and files. Use NoScript for this.


Related issues

Related to Tails - Feature #9700: Persistence preset: Tor Browser security slider setting In Progress 07/07/2015

History

#1 Updated by mercedes508 almost 4 years ago

  • Status changed from New to Rejected
  • Priority changed from Elevated to Normal

I don't know if you did, but there's already a section in the FAQ explaning why it's like that in Tails:

https://tails.boum.org/support/faq/#index12h2

#2 Updated by cypherpunks almost 4 years ago

We think that having JavaScript enabled by default is the best possible compromise between usability and security in this case.

Yes, you are right, allowing JS is the best way to compromise security.

#3 Updated by sajolida almost 4 years ago

Feel free to work on #9700 as a solution to your concern.

#4 Updated by sajolida almost 4 years ago

  • Related to Feature #9700: Persistence preset: Tor Browser security slider setting added

Also available in: Atom PDF