[tor-talk] 2 questions on HTTPS Everywhere settings
Joe Btfsplk
joebtfsplk at gmx.com
Sat Jan 7 18:07:26 UTC 2012
What are others' opinions of these setting in NoScript in TBB (latest
TBB 2.2.35-4)?
1) In Options > HTTPS>Behavior, the "forbid active web content unless
comes from an HTTPS connection. Default is "never," but there is a
choice of "when using proxy (recommended w/ Tor)."
What are some lesser known issues of keeping the Never default setting?
What ALL active web content is it allowing by default setting of "Never"
forbid?
What are some of *desirable* sites or content that could break if set it
to "when using a proxy" ? That could vary depending on a user's
geographical location.
2) Under "General" tab, default is "scripts globally allowed". I
suppose Tor devs chose to leave this as default, as many sites won't
work well w/o JS.
But, to allow scripts globally - in an anonymity software like Tor? No
mention, AFAIK, in Tor documentation of what things users should
consider about various settings in NoScript.
NoScript has many other security functions besides allowing /
disallowing scripts, that most users know little about.
Yes, you can white list sites you want to allow, then disable "allow
globally," but you'd better back that list up regularly because of
frequent TBB releases & any NoScript updates.
Thanks.
More information about the tor-talk
mailing list