[Disclaimer: a non expert view on the subject] JavaScript is a way for sites to fingerprint you much more accurately. Once fingerprinted, it doesn't really matter from what IP address you are connecting. Your activity on the web can be correlated even if you browse from different IP addresses each time.
So there is a good reason to keep JS, WASM and anything that downloads and executes remote code on your computer off by default. That is indeed the highest security level for a reason. Of course having JS off is itself a dimension which can be used as part of a fingerprint but it is far less significant than the multiple dimensions a JS=on setting would give you. *Not to forget that JS in combination with non-mitigated CPU vulnerabilities can be a much bigger security whole (e.g. a script reading the contents of your RAM as demonstrated by Google Project Zero). -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
