[tor-talk] Javascript vs privacy?

Paul Syverson syverson at itd.nrl.navy.mil
Wed Aug 7 11:28:26 UTC 2013


On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote:
> On 6 August 2013 16:31, Lunar <lunar at torproject.org> wrote:
[snip]
> >
> > Jon Tullett:
> >> My understanding is that NoScript shipped disabled in the TBB
> >
[snip]
> 
> Sometimes it's a pain, as you say, but that's a compromise I make
> knowingly and willingly. I also use Lynx daily, so I'm kinda used to
> the web not looking like it does for most people :)

Just in case you are unfamiliar, you might also try Links. I use
both Lynx and Links but mostly prefer the latter. YMMV

[snip]
> 
> > Do you have any experience in training users to
> > enable/disable JavaScript on a per site basis?
> 
> I do - I have a security background. But _regular_ users, no - no
> chance. Lab workers, yes. However, I wouldn't classify Tor users as
> regular users - they are people who are taking extraordinary steps to
> protect themselves. One more extraordinary step doesn't seem that
> implausible, but then I probably do have a biased perspective.
> 

Certainly that is true for some users. But the point of this
discussion and a motivation of onion routing designs from pre-Tor days
through the present has been to separate indentification from routing
while minimizing disruption of the user experience. The more Tor is
usable (and therefore used) for ordinary activities by ordinary users
the more secure all users, including the most sensitive, are against
a significant portion of the threats facing them. This is far from
the whole story, but is important to keep in mind. For more, see
"A Peel of Onion", "Why I'm not an Entropist", "Anonymity Loves
Company: Usability and the Network Effect", and "Challenges in
deploying low-latency anonymity".

aloha,
Paul


More information about the tor-talk mailing list