[tor-bugs] #27175 [Applications/Tor Browser]: NoScript plugin does not save per-site permissions/settings when tor browser closes
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 14 03:19:32 UTC 2018
#27175: NoScript plugin does not save per-site permissions/settings when tor
browser closes
-------------------------------------------------+-------------------------
Reporter: tor-user-1234 | Owner: tbb-
| team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: noscript, tbb-regression, | Actual Points:
tbb-8.0-issues |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks_reply):
Only some comments:
Replying to [comment:10 arthuredelstein]:
> But, yes, I am very hesitant to give users the means to persist their
per-site settings, especially when the per-site settings are not first-
party isolated.
ABE in NoScript 5 was able to implement first-party-keyed policy.
> If a user decides to whitelist Google, then every website that embeds a
Google ad can detect this. I am even worried about an opt-in solution
because users often don't properly understand the downsides.
It also had this "Block scripting in whitelisted subdocuments of non-
whitelisted pages" setting, which is not first-party isolation/keying but
related (and I think similar to the kind of problem decomposition used by
uMatrix). I wonder how it's handled now.
> At the same time, I also sympathize with donnm's comment:9 that it is
inconvenient to have to redo per-site settings each time Tor Browser is
restarted.
I use the highest level in torbutton slider and I don't care about
persisting the per-site policy, I always keep the whitelist empty and only
very seldom use temporary permissions which are revoked once done with the
page Certainly "new identity" must also at least clear all temporary
permissions. However, there were at least in NoScript 5 many other
configuration knobs that applied globally and which I used to tighten with
respect to vanilla TOr Browser (yes, I know that changed my profile).
Maybe there should be a way to persist at least that kind of settings.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27175#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list