#29803: Trust Tor Project domain in NoScript when TorButton security level is changed -------------------------+------------------------------------------ Reporter: cypherpunks | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Component: Applications/Tor Browser Version: | Severity: Normal Keywords: noscript | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------+------------------------------------------ Trust *.torproject.org in NoScript for first-party access when the TorButton security level is changed.
I don't know if it's possible to restrict to first-party in NoScript. It is in uMatrix. I don't know if trusting TP's sites by default could aid fingerprinting TB as TB rather than its UserAgent if, for example, a TP resource is embedded in a third-party page. On a related note, IIRC, the blog is hosted by a third-party. Or always trust TP's onions only? https://onion.torproject.org/ Same unknown but for onion and non-onion third parties. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29803> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs