How do I enable javascipt while using Tor BB? Is it an addon?
. On Tue, Jan 15, 2013, at 10:37 PM, Micah Lee wrote: > On 01/15/2013 12:14 AM, Joe Btfsplk wrote: > > Never say never - but I don't know that the real risk of js is leaking > > identity so much as someone running malicious code on sites you don't > > know or shouldn't trust. > > There isn't much risk of identity leaking by enabling javascript in your > browser. The most javascript should be able to do is fingerprint your > browser profile to detect plugins, fonts, etc. By using the Tor Browser > Bundle rather than just a normal web browser proxied through Tor, most > (with the goal of all) of these fingerprinting attempts are mitigated. > > So I think it's perfectly fine to enable javascript for Yahoo mail. If > you're going to be using Yahoo mail, make sure you turn on SSL: > https://www.eff.org/deeplinks/2013/01/yahoo-mail-makes-https-available > > There are definitely security concerns though, the biggest being using > javascript on a website that someone else has discovered an XSS bug on. > And browser zero days are much more likely to be exploited through the > use of javascript, etc. > > That said, these days there are serious usability advantages that > javascript provides, especially for sites like Google Maps. If done > correctly, it can be used to *increase* security in some cases (such as > the payment processor Stripe's use of ajax), and it can be used to make > content load faster and use less bandwidth, such as Twitter letting you > load only recent tweets without refreshing the entire page. And many web > developers build javascript functionality and don't bother to make it > work for NosScripters, which is annoying, but sometimes the > functionality they're going for is impossible without javascript. > > Javascript is kind of the future of the web, and it's only going to be > more prevalent as time goes on. And unlike in the 90s, it's genuinely > useful now, not just for adding bling to your site. Rather than be down > on javascript, I think it's more production to figure out ways to make > javascript more secure, like: > https://developer.mozilla.org/en-US/docs/Security/CSP/Introducing_Content_Security_Policy > > -- > Micah Lee > https://twitter.com/micahflee > > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) -- http://www.fastmail.fm - The way an email service should be _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
