[tor-bugs] #31096 [Applications/Tor Browser]: Tor Browser missing NoScript on Linux/Ubuntu version

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 9 17:14:39 UTC 2019 

#31096: Tor Browser missing NoScript on Linux/Ubuntu version
--------------------------------------+--------------------------
 Reporter:  torlove                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  wontfix
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by torlove):

 Thanks for the link to the resource, gk. It is a good document, whatever
 we can do to make things easier for beginners is good.

 There are two items discussed in the resource above that have not been
 done.

 1) Educating the user about the changes.

 Although it was not part of the scope of the document the author clearly
 states that this is an area that requires attention. It is important to
 tell users of impending changes, and to inform a user when a change is
 implemented. The home screen is the best place to do that.


 2) Moving per-site js permissions (NoScript) too the URL bar:

 In my opinion, NoScript should be moved to the URL bar to the right of the
 "Toggle Reader View" button. The icon should be one that suggests code or
 scripting, either:

 a) a tiny backslash inside angled brackets, or
 b) the standby/power symbol (https://www.symbols.com/symbol/standby-
 symbol), or
 c) a gear icon with JS written lightly inside.

 Alongside the icon should be a small tag with the number of js domains
 blocked having a strike-though. The number of approved js domains used by
 the page would not have a strike-though.

 NoScript needs to continue being one click away because when a
 page/document loads and the JS is blocked there is no way to re-trigger
 the page load event. So there are times when the user must access NoScript
 after multiple page load events. Typically two page loads are needed, but
 I have seen websites where five page loads are needed. The user needs to
 repeat this process for a domain every time they restart Tor browser.

 In the interests of educating the user, after restarting the browser we
 might inform the user that editing the permissions may make fingerprinting
 easier. Especially if you repeatedly use the same settings.

 Is there an open ticket where these suggestions can be placed?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31096#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list