[tor-bugs] #29803 [Applications/Tor Browser]: Trust Tor Project domain in NoScript when TorButton security level is changed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 18 05:22:36 UTC 2019
#29803: Trust Tor Project domain in NoScript when TorButton security level is
changed
-------------------------+------------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Component: Applications/Tor Browser
Version: | Severity: Normal
Keywords: noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+------------------------------------------
Trust *.torproject.org in NoScript for first-party access when the
TorButton security level is changed.
I don't know if it's possible to restrict to first-party in NoScript. It
is in uMatrix. I don't know if trusting TP's sites by default could aid
fingerprinting TB as TB rather than its UserAgent if, for example, a TP
resource is embedded in a third-party page. On a related note, IIRC, the
blog is hosted by a third-party.
Or always trust TP's onions only? https://onion.torproject.org/ Same
unknown but for onion and non-onion third parties.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29803>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list