Silk Road forums
Discussion => Newbie discussion => Topic started by: dotgoat on August 05, 2013, 12:56 am
-
So with the reason news about freedomhosting getting taken down (still not clear to me the extent of this) I just played it safe and reextracted the torbrowser bundles I got off eff and I was going to install noscript. Turns out it's been there all along BUT it didn't have scripts globally disabled. So anyone using torbrowser may want to do that since at least at one point there was a js exploit on tormail designed for firefox 17 which is what torbrowser is.
Enabling scripts globally is simple enough by clicking on the "S" next to url and saying disable globally. It's now going to probably complain a lot depending on what sites you go to. It's best to just disable those notifications by going to options > notifications > uncheck show message about blocked scripts.
The problem is typically you could allow javascript on sites you trust... Well if you trusted tormail and enabled javascript you may have gotten some extra javascript. May just be better to go to about:config, search for javascript.enabled and double click it so it's false so it's disabled globally (there's a system preference too but they plan to remove that option in an up and coming release.
Hope this is of use to people.
-
Good point. They will change this soon. Big mistake.
-
It isn't enabled by default because it distiguishes you from other TOR users and diasables functionality of legitimate websites.
If you need to be completely anonymous TURN IT ON.
-
The only reason it distinguishes you at all is because it's not enabled by default. If everyone had it enabled it would be those with it disabled that stood out.
-
NoScript being enabled by default isn't going to happen any time soon.
Why is NoScript configured to allow JavaScript by default in the Tor Browser Bundle? Isn't that unsafe?
We configure NoScript to allow JavaScript by default in the Tor Browser Bundle because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if a website they want to use requires JavaScript, because they would not know how to allow a website to use JavaScript (or that enabling JavaScript might make a website work).
*****CLEARNET WARNING*****
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled