[tor-bugs] #4794 [Tor Browser]: NoScript Is Not Being Used Properly By The Tor Project

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Dec 28 06:45:46 UTC 2011


#4794: NoScript Is Not Being Used Properly By The Tor Project
-------------------------+--------------------------------------------------
 Reporter:  DasFox       |          Owner:  mikeperry                    
     Type:  defect       |         Status:  new                          
 Priority:  normal       |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Browser  |        Version:                               
 Keywords:  NoScript     |         Parent:                               
   Points:               |   Actualpoints:                               
-------------------------+--------------------------------------------------
 Hi,

 This isn't a bug, but I'm reporting this because this is not being handled
 correctly.

 One of the main points of NoScript is not to allow anything, other than
 what is in your 'Whitelist', yet the Tor Project has set in the General
 options; 'Scripts globally allowed (dangerous)'

 I think someone at Tor has overlooked that 'Dangerous' part, because this
 is not the correct method in which to use this application. In fact it
 seems silly the developer even has this option in NoScript.

 I do know for a fact when you allow like this, then you let JavaScript
 leak out, creating more of a risk, so regardless of using Tor or not, this
 is not a good approach for the Tor Project to be taking with NoScript, and
 the Tor Browser Bundles should have this unchecked by default to give
 people the safest configuration possible.

 Right now you are teaching people the incorrect way in which to use this
 and for those people, they are going to possibly look at Tor and mimic
 what they see for Firefox and make even a greater risk for themselves with
 Firefox through their ISP, etc...

 Granted it doesn't make it the simplest, but people should learn to
 adjust, because it's the proper way in which you are supposed to be using
 this addon.

 Also the Tor Project will need to change the 'Appearances' section to
 properly reflect this as well.

 I've attached a screenshot of how the 'Appearances' section looks in
 NoScript, of course with the 'Scripts globally allowed (dangerous)'
 unchecked. :)


 THANKS

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4794>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online