[tor-talk] User views on lesser of 2 evils_Tor FAQ on using java script
joebtfsplk at gmx.com
Sun Jul 27 15:00:30 UTC 2014
On 7/26/2014 10:13 PM, Moritz Bartl wrote:
> On 07/26/2014 09:26 PM, Joe Btfsplk wrote:
>> So, is it, "damned if I do, damned if I don't?"
> Basically, yes. A lot of users including me can cope with only
> making that the default. It is just too hard to understand for 'casual
> I personally can live with 'losing some of my anonymity' due to the
My unprofessional reaction is, there's some discussion on this, but no
scientific data / explanation why one way is the least worst.
Getting to that point may be difficult, but as is, seems Tor Project
raises numerous questions but provides no real answers.
We have a product "to protect your anonymity."
"Oh, by the way... using JS may compromise it,
and not using it may compromise it (because it's enabled by default),
and using it intermittently may compromise it."
OK, that clears it up. Even for fairly advanced users, that's not much
There seem to be very strict Tor / TBB design rules, down to the tiniest
Then, the issue of java script is pretty much left wide open.
Many ignore it, like the elephant in the room.
Since a chain (or security / anonymity method) is only as strong as its
weakest link, where does that leave TBB, considering the range of views
& facts about java script?
Sometimes, seems this little detail (that might break the entire chain)
is simply glossed over. It's a tough subject, so we just won't dwell on it.
Obviously, Tor Project decided to leave it enabled. But there's ongoing
discussion about limiting exposure due to js.
More information about the tor-talk