[tor-talk] 2 questions on HTTPS Everywhere settings

Joe Btfsplk joebtfsplk at gmx.com
Sat Jan 7 18:07:26 UTC 2012


What are others' opinions of these setting in NoScript in TBB (latest 
TBB 2.2.35-4)?

1) In Options > HTTPS>Behavior, the "forbid active web content unless 
comes from an HTTPS connection.  Default is "never," but there is a 
choice of  "when using proxy (recommended w/ Tor)."
What are some lesser known issues of keeping the Never default setting?
What ALL active web content is it allowing by default setting of "Never" 
forbid?
What are some of *desirable* sites or content that could break if set it 
to "when using a proxy" ?  That could vary depending on a user's 
geographical location.

2) Under "General" tab, default is "scripts globally allowed".  I 
suppose Tor devs chose to leave this as default, as many sites won't 
work well w/o JS.
But, to allow scripts globally - in an anonymity software like Tor?  No 
mention, AFAIK, in Tor documentation of what things users should 
consider about various settings in NoScript.

NoScript has many other security functions besides allowing / 
disallowing scripts, that most users know little about.

Yes, you can white list sites you want to allow, then disable "allow 
globally," but you'd better back that list up regularly because of 
frequent TBB releases & any NoScript updates.

Thanks.


More information about the tor-talk mailing list