[tbb-bugs] #15279 [Applications/Tor Browser]: uMatrix & uBlock to Replace NoScript
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 6 17:09:53 UTC 2019
#15279: uMatrix & uBlock to Replace NoScript
--------------------------------------+--------------------------
 Reporter:  johnakabean               |          Owner:  tbb-team
     Type:  project                   |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 This is a good idea. uMatrix has had four years to evolve since this
 ticket was originally created. Now there are versions of uMatrix for
 various platforms, and they work well.

 1. There is essentially nothing that NoScript does that uMatrix cannot do
 also.

 2. The design of NoScript is based on an assumption, specifically that a
 user essentially '''never''' wants to run scripts from some sites and
 '''always''' wants to run scripts from others. This might be appropriate
 if the threat model is malware. It is emphatically inappropriate if the
 threat model is cross-site tracking. For example, I might want to allow
 scripts from google.com for certain first-party sites that use Recaptcha,
 but not in the general case. uMatrix addresses this elegantly.

 3. NoScript and uMatrix interact together poorly. Specifically, allowing
 a site with NoScript and blocking it with uMatrix results in the site
 being always allowed, despite the fact that it would be both '''safer'''
 to apply the most restrictive policy and '''more logical''' to interpret
 fine-grained uMatrix rules sequentially last.

 So let's do this, folks. There is no reason to make it hard for people
 who want to use uMatrix for more fine-grained control.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15279#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
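
The policy difference raised in points 2 and 3 of the comment, as an added example that is not part of the ticket and is not code from NoScript or uMatrix. It is a simplified model: the rule format, function names and hostnames are assumptions made for illustration.

```javascript
// Simplified model, constructed for illustration; not NoScript or uMatrix code.

// true when host equals domain or is a subdomain of it ("*" matches anything)
function hostMatches(host, domain) {
  return domain === "*" || host === domain || host.endsWith("." + domain);
}

// Global allow-list: a script origin is trusted or not on every page.
// firstParty is deliberately ignored; that is the limitation under discussion.
function globalDecision(allowList, firstParty, scriptHost) {
  return allowList.some((d) => hostMatches(scriptHost, d)) ? "allow" : "block";
}

// Scoped rules: [firstPartyScope, scriptDomain, action]. The most specific
// matching rule wins (longer scope first, then longer script domain).
function scopedDecision(rules, firstParty, scriptHost) {
  let best = null;
  for (const [scope, domain, action] of rules) {
    if (!hostMatches(firstParty, scope) || !hostMatches(scriptHost, domain)) continue;
    const rank = [scope === "*" ? 0 : scope.length, domain === "*" ? 0 : domain.length];
    if (!best || rank[0] > best.rank[0] || (rank[0] === best.rank[0] && rank[1] > best.rank[1])) {
      best = { rank, action };
    }
  }
  return best ? best.action : "block"; // default deny when nothing matches
}

// Composition the comment argues for: a script runs only if every layer allows it.
function mostRestrictive(...decisions) {
  return decisions.every((d) => d === "allow") ? "allow" : "block";
}

// Constructed sample policy and page loads (hostnames are placeholders).
const allowList = ["google.com"];
const rules = [
  ["*", "*", "block"],
  ["forum.example", "google.com", "allow"], // first party that uses reCAPTCHA
];
const loads = [["forum.example", "www.google.com"], ["news.example", "www.google.com"]];

function evaluate() {
  return loads.map(([firstParty, host]) => {
    const g = globalDecision(allowList, firstParty, host);
    const s = scopedDecision(rules, firstParty, host);
    return { firstParty, host, global: g, scoped: s, combined: mostRestrictive(g, s) };
  });
}
console.table(evaluate());
```

The global list allows the google.com script on both first parties, while the scoped rules allow it only on the one that needs it, and the most-restrictive composition follows the scoped result.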