[tor-talk] User views on lesser of 2 evils_Tor FAQ on using java script
faether
faether at Safe-mail.net
Sat Jul 26 22:04:52 UTC 2014
Joe Btfsplk wrote:
> you're effectively forced into either
> * disabling js completely
Few people do that, so it may in principle shrink your anonymity set
more than JS-enabled fingerprinting does.
> Seems we must make a choice: Whether more concerned about "some"
> sites detecting JS is DISabled, while others detect it's ENabled (&
> presumably, these sites are jointly owned, or all share info or 3rd
> party trackers are advanced enough to ID even a "stock" Torbrowser,
> from one site to another).
Exit nodes also have a broad perspective.
> There are a good many advanced users not in favor of having JS enabled
> by default in TBB. Unless they *only* visit JS free sites, they're
> forced to selectively enable it, unless don't care about broken sites.
A safe workflow for occasionally enabling (or disabling) JS:
Click the onion button's New Identity
Enable JS globally
Go to whatever sites you want to browse
New Identity again
Disable JS globally
> But, enabling JS allows sites (that try) to get FAR more browser /
> system info than if it's disabled.
But keep in mind that lots of things can be detected even without JS.
There is e.g. a simple way to get and transmit the inner window size in
pure CSS.
More information about the tor-talk
mailing list