Well, there are many ways to use JavaScript to deanonymize you. For instance, JS can be used to measure the speed of specific operations on your computer, which already gives some information on what kind of computer you are using. Firefox contains some counter-measures against this, TorBrowser contains even more, but nothing is 100% safe.
Depending on your processor, there are also known attacks that work inside a process or across processes that can be triggered in JavaScript and used to read some of your memory. Again, your OS has counter-measures, Firefox has counter-measures, TorBrowser has counter-measures, but nothing is 100% safe. Finally, JS has access to a number of APIs that can accidentally be used to identify you (e.g. there are ways to find out your list of fonts, and list of fonts are typically different from a computer to the other one). Usually, these holes are plugged in TorBrowser, but there may be holes that have escaped the attention of devs. I personally browse with JS activated, because I have very low safety requirements (I use TorBrowser as a VPN, largely to increase deniability by people who really need this), but YMMV. Cheers, David On 10/12/2018 12:52, jiggytwi...@danwin1210.me wrote: > Are there any serious disadvantages to using JS with the TBB. > > As we know, disabling JS prevents some sites working at all while other > sites has reduced functionality. > > Correct me if I am wrong, but I'm sure that server-side JS cannot get the > user's real (non-Tor) IP address. > > If that's correct, what's the problem with using JS and the TBB? > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
