[tor-talk] User views on lesser of 2 evils_Tor FAQ on using java script

faether faether at Safe-mail.net
Sat Jul 26 22:04:52 UTC 2014

Joe Btfsplk wrote:

> you're effectively forced into either
> * disabling js completely

Few people do that, so it may in principle shrink your anonymity set
more than JS-enabled fingerprinting does.

> Seems we must make a choice:  Whether more concerned about "some"
> sites detecting JS is DISabled, while others detect it's ENabled (&
> presumably, these sites are jointly owned, or all share info or 3rd
> party trackers are advanced enough to ID even a "stock" Torbrowser,
> from one site to another).

Exit nodes also have a broad perspective.

> There are a good many advanced users not in favor of having JS enabled
> by default in TBB. Unless they *only* visit JS free sites, they're
> forced to selectively enable it, unless don't care about broken sites.

A safe workflow for occasionally enabling (or disabling) JS:

Click the onion button's New Identity
Enable JS globally
Go to whatever sites you want to browse
New Identity again
Disable JS globally

> But, enabling JS allows sites (that try) to get FAR more browser /
> system info than if it's disabled.

But keep in mind that lots of things can be detected even without JS.

There is e.g. a simple way to get and transmit the inner window size in
pure CSS.

More information about the tor-talk mailing list