Bug #10481: Disable JavaScript by default

Bug #10481

Disable JavaScript by default

Added by cypherpunks 2015-11-04 12:45:08 . Updated 2015-11-06 11:55:33 .

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Tor configuration

Target version:

Start date:

2015-11-04

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Browser

Deliverable for:

Description

JS dramatically increases the attack surface. It allows browser fingerprinting, user fingerprinting (behavioral biometrics) and exploitation of vulnerabilities in JS engine and API design. It must be disabled by default for all untrusted addresses: the ones from the Web and files. Use NoScript for this.

Subtasks

Related issues

Related to Tails - Feature #9700: Persistence preset: Tor Browser security level

In Progress

2015-07-07

History

#1 Updated by mercedes508 2015-11-04 16:13:11

Status changed from New to Rejected
Priority changed from Elevated to Normal

I don’t know if you did, but there’s already a section in the FAQ explaning why it’s like that in Tails:

https://tails.boum.org/support/faq/#index12h2

#2 Updated by cypherpunks 2015-11-05 17:00:53

>We think that having JavaScript enabled by default is the best possible compromise between usability and security in this case.

Yes, you are right, allowing JS is the best way to compromise security.

#3 Updated by sajolida 2015-11-06 11:55:33

Feel free to work on Feature #9700 as a solution to your concern.

#4 Updated by sajolida 2015-11-06 11:55:41

related to Feature #9700: Persistence preset: Tor Browser security level added