Bug #10481
Disable JavaScript by default
Start date:
2015-11-04
Due date:
% Done:
0%
Description
JS dramatically increases the attack surface. It allows browser fingerprinting, user fingerprinting (behavioral biometrics) and exploitation of vulnerabilities in JS engine and API design. It must be disabled by default for all untrusted addresses: the ones from the Web and files. Use NoScript for this.
Subtasks
Related issues
Related to Tails - Feature #9700: Persistence preset: Tor Browser security level | In Progress | 2015-07-07 |
History
#1 Updated by mercedes508 2015-11-04 16:13:11
- Status changed from New to Rejected
- Priority changed from Elevated to Normal
I don’t know if you did, but there’s already a section in the FAQ explaning why it’s like that in Tails:
#2 Updated by cypherpunks 2015-11-05 17:00:53
>We think that having JavaScript enabled by default is the best possible compromise between usability and security in this case.
Yes, you are right, allowing JS is the best way to compromise security.
#3 Updated by sajolida 2015-11-06 11:55:33
Feel free to work on Feature #9700 as a solution to your concern.
#4 Updated by sajolida 2015-11-06 11:55:41
- related to Feature #9700: Persistence preset: Tor Browser security level added