Is JS + Tor ok when using reddit?
[2 Points] sapiophile:
[2 Points] The_Madhouse:
Absolutely not. The Chinese government has used sites that people commonly frequent to wait till they access that site, inject code into your browser and than track what you do. How long do you think until the US does this and what better place than the center of the dnm community. Also as another user said tails could be vulnerable to valuable 0days. The US government buys these out the ass and employed not one or two zero days for windows, but 4 zero day exploits. Here's a link from kaspersky about a virus similar to stuxnet that is making a resurgence. https://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237
Source for my paranoia: http:/nytimes.com/2015/06/13/technology/chinese-hackers-circumvent-popular-web-privacy-tools.html?referrer=
It depends.
In general, it's always best to never enable JS. But obviously, that means that you can't post on reddit.
So, to actually use reddit, practice harm reduction.
The most important aspect of doing this is to use a well-locked-down system that can limit the damage that a malicious script (or Man-In-The-Middle script substitution) can do. Tails is of course an excellent choice - it uses Tor Browser and TorButton with its JS-limiting capabilities, confines the browser to its own AppArmor "jail," and is overall an "amnesic" system that is intended to reboot in the same state every time. Theoretically, however, with some very, very valuable 0days, even Tails could be persistently infected with malware via JS, if it's being run from a writable medium (like a USB flash drive). For absolute maximum security, it may be preferable to use only a finalized DVD-R as your Tails boot medium, and keep your "persistent" data (GPG keys, bookmarks, etc.) on a separate USB flash drive that you have set up to be encrypted with LUKS-dmcrypt. Decent instructions for setting up and using an encrypted LUKS partition are available on the Arch Wiki, although they actually have several LUKS pages so you may need to browse around to actually learn everything you need.
When doing this in Tails, you'll want to set the Security Slider in Tor Browser to "Medium-High," and visit reddit via an https:// link.
If you're using any operating system other than Tails, I would very strongly recommend that you do not ever enable JavaScript (set Tor Browser Security Slider to anything but "High") on any website.