On 15 July 2016 at 00:07, krishna e bera <k...@cyblings.on.ca> wrote: >> Should add that users with NoScript enabled would not have been >> vulnerable - I get the "noscript decreases privacy" argument, but I'd >> still kinda like it to be on by default to protect users. Maybe with a >> big red "Turn on Javascript because I'm happy to get pwned by >> malicious ads, FBI malware, and miscellaneous trackers" button :) > >>>> There are frequently vulnerabilities in hosting services - content >>>> platforms, web forums, third-party Javascript libraries, file uploads, >>>> management interfaces...many sites, darkweb or not, have much broader >>>> attack surfaces than their owners understand. > > > What do you think about these recommendations for onion sites:
Well, it doesn't really matter what I think :) There have been discussions, and as I understand it in most cases there are two issues: privacy tradeoffs in blocking third party content (doing so makes your browser more identifiable), and breaking the web enough that users will just downgrade their settings thereby making themselves insecure and again degrading their privacy in the same way.. Me, I block scripts in TBB because I weigh security a bit higher than privacy, and it's nice that it's relatively easy to do so, but I would like it to be signposted or explained a bit more clearly. > Client-side: > For months i have been suggesting to friends and clients, who are > regular (non-Tor) users, to install Ublock Origin. Very good choice, though possibly too complicated for average users (but then, so is maintaining a NoScript whitelist). -J -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
