[tbb-bugs] #15279 [Applications/Tor Browser]: uMatrix & uBlock to Replace NoScript

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 6 17:09:53 UTC 2019

#15279: uMatrix & uBlock to Replace NoScript
 Reporter:  johnakabean               |          Owner:  tbb-team
     Type:  project                   |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by cypherpunks):

 This is a good idea.  uMatrix has had four years to evolve since this
 ticket was originally created.  Now there are versions of uMatrix for
 various platforms, and they work well.

 1. There is essentially nothing that NoScript does that uMatrix cannot do

 2. The design of NoScript is based on an assumption, specifically that a
 user essentially '''never''' wants to run scripts from some sites and
 '''always''' wants to run scripts from others.  This might be appropriate
 if the threat model is malware.  It is emphatically inappropriate if the
 threat model is cross-site tracking.  For example, I might want to allow
 scripts from google.com for certain first-party sites that use Recaptcha,
 but not in the general case.  uMatrix addresses this elegantly.

 3. NoScript and uMatrix interact together poorly.  Specifically, allowing
 a site with NoScript and blocking it with uMatrix results in the site
 being always allowed, despite the fact that it would be both '''safer'''
 to apply the most restrictive policy and '''more logical''' to interpret
 fine-grained uMatrix rules sequentially last.

 So let's do this, folks.  There is no reason to make it hard for people
 who want to use uMatrix for more fine-grained control.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15279#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list