[tbb-bugs] #30730 [Applications/Tor Browser]: Can't access right click menu for noscript w/o readding icon
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 3 09:19:44 UTC 2019
#30730: Can't access right click menu for noscript w/o readding icon
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by gk):
* owner: (none) => tbb-team
* component: - Select a component => Applications/Tor Browser
Comment:
Yes, the NoScript icon in the context menu is a bug which we did not get
fixed for 8.5. Removing it is tracked in #30730.
Regarding your anonymity concerns: well, as far as we know there is no way
to detect the NoScript icon presence on the toolbar from websites.
Remember as well that we still have a lot of users that have the search
bar visible on their toolbar and probably a lot of other old things due to
updating from older Tor Browser versions (even before esr52-based ones).
Thus, the length of the urlbar is not helping here.
Yes, if you take screenshots you have to be careful and that's not in
particular related to toolbar layout. It's OS details that leak e.g. or
potentially a different theme or your toolbar layout or...
Dealing with NoScript settings is dangerous for a number of reasons (see:
e.g. #26517) and not recommended unless you know what you are doing. This
holds as well for making exceptions to the default security settings
because that comes with a risk for fingerprinting users might
underestimate (due to the pattern of whitelisted sites that are
whitelisted for the whole browser session). I think if you are confident
handling that risk dealing with re-adding the NoScript button to the
toolbar (and potentially removing it if you really need to post a
screenshot with your toolbar that already leaks details because it's a
toolbar on a particular OS etc.) is in scope as well.
Thus, I am not convinced doing the right-click workaround you suggested.
We should rather fix #30730 and work on #30570.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30730#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list