Opened 6 years ago

Closed 7 months ago

#11106 closed enhancement (fixed)

Additional protections for browsing hidden websites

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-torbutton
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I want to recommend researching and implementing additional protections for browsing hidden service websites.

Some ideas:

  • #9623: Don't send referers from hidden addresses.
  • Javascript disabled by default for hiddden services, whether it is enabled for public websites.
  • This is all I can think of for now

Child Tickets

Change History (4)

comment:1 Changed 6 years ago by gk

Cc: gk added
Type: defectenhancement

comment:2 Changed 6 years ago by erinn

Component: TorBrowserButtonTor Browser
Keywords: tbb-torbutton added
Owner: changed from mikeperry to tbb-team

comment:3 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:4 Changed 7 months ago by gk

Resolution: fixed
Status: newclosed

We fixed #9623 but I think not enabling JavaScript by default for onion services is not the right way to go. Users have security settings for that now.

Note: See TracTickets for help on using tickets.