Just realised I've had javascript on all this time, weeks and made orders ... How screwed am I?

I thought I'd advanced from my noob days after installing tails, learning pgp and all the BTC stuff and making a few orders ... sadly I think I'll be downgrading myself back down to a basic, naive noob.

So having placed another order on Nuclues today, I just went on Amazon dark, which informed me I have javascript running. In a panic I did some googling and realised that scripts are enabled by default on TOR, even on TAILS. This means I've had them on all this time, for my previous orders, and this one. How fucked am I? I know there was this huge thing about not using ME because it needed javascript at one point, so I'm pretty concerned. Honestly don't know how I did something so stupid. But also to anyone advising noobs, we should make people aware so they don't repeat my mistakes!


Comments


[6 Points] None:

I would guess a large percentage of DNM users don't know to disable scripts.


[1 Points] The_Grid_Is_Up:

You're most likely fine; just remember it for the future.


[1 Points] MDPV_:

HA. I just noticed this, too. I don't think we are fucked too badly. Now we know!

CLICK THE NOSCRIPT BUTTON EVERY TIME YOU TOR


[1 Points] tripgirl:

Javascript is dangerous because it runs code client side that sends your info (that can deanonymize you) to somewhere else. But if you have only gotten on trusted sites, like Agora for instance, then no malicious code would have been run, so you are ok. Most of the time malicious code does things like withdraws your bitcoins from open tabs and stuff like that. For it to deanonymize you, you would have had to open a site that was run by LE as a honeypot where they embedded a script to get your IP or some such and then send it to one of their servers. If you've only browsed trusted sites, you are in the clear.

By the way, that's why it's enabled by default. They are assuming that you know you can trust the sites you are connecting to you. If you don't trust them, or you're going somewhere new, you should disable javascript.


[1 Points] IngrownHairs:

Using TAILS, there should not be a possibility for any JavaScript based attack that can de-anonymise your IP address as ALL connections are transproxied through the tor daemon.

However, care should still be taken when browsing any websites that require JS to operate - you should never simultaneously browse hidden services(markets or otherwise) and clearnet sites with the same browser, at the same time - and even to some degree, a Tor identity(i.e. the same circuit set should not be used to open a relay to any HS that you have also say, logged into Reddit with, at least IMO, but that is extreme compartmentalization).