Setting your security slider to "high" breaks Twitter
I just realized twitter doesn't load properly when the security slider is set to "high". I was trying to figure out what triggers this but I also realized there's no apparent way to find out what things were blocked by the security slider. Addons like NoScript, Privacy Badger or any ad blocker basically have this option where they show you what elements were blocked so you could investigate if there's a problem and manually whitelist them, but I find out it's not as easy with the security slider.
Attached is a screenshot of how it looks.
The workaround is to lower the security to medium.
Activity
Trac:
Description: I just realized twitter doesn't load properly when the security slider is set to "high". I was trying to figure out what triggers this but I also realized there's no apparent way to find out what things were blocked by the security slider. Addons like NoScript, Privacy Badger or any ad blocker basically have this option where they show you what elements were blocked so you could investigate if there's a problem and manually whitelist them, but I find out it's not as easy with the security slider.Attached is a screenshot of how it looks.
The workaround is to lower the security to medium.
to
I just realized twitter doesn't load properly when the security slider is set to "high". I was trying to figure out what triggers this but I also realized there's no apparent way to find out what things were blocked by the security slider. Addons like NoScript, Privacy Badger or any ad blocker basically have this option where they show you what elements were blocked so you could investigate if there's a problem and manually whitelist them, but I find out it's not as easy with the security slider.
Attached is a screenshot of how it looks.
The workaround is to lower the security to medium.
Looks a lot like #24190 (moved).
Replying to arma:
Looks a lot like #24190 (moved).
Ha! setting
svg.in-content.enabledtotruedoes indeed fix the problem. Though I don't know why the person who reported it closed the ticket. How does the Tor Browser team feel about this? Should we encourage people to change their browser settings? In my opinion that kind of seems contrary with why we have the security slider.-
I think youtube is broken at the high setting, for the same "it now uses svg" reason?
It sounds like longterm we either tell people that high security is a setting that these sites chose to be broken on... or we reduce security features from the high security setting every time a major site starts using something that it had disabled... or we go to the major sites and tell them to stop using scary web functionality... any other options? :)
Replying to arma:
I think youtube is broken at the high setting, for the same "it now uses svg" reason?
It sounds like longterm we either tell people that high security is a setting that these sites chose to be broken on... or we reduce security features from the high security setting every time a major site starts using something that it had disabled... or we go to the major sites and tell them to stop using scary web functionality... any other options? :)
Or we use these type of tricks: for example if you have a YouTube url like
https://www.youtube.com/watch?v=JWII85UlzKwthen replace thewww.youtube.com/watch?v=part withhooktube.com/embed/resulting inhttps://hooktube.com/embed/JWII85UlzKwwhich definitely works with High security setting.I'm not aware of any simple way to get the URL in the first place, but one can use Searx instances and disabling all except the Youtube engine in the video search preferences, and then type https://searx.riseup.net/?q=webrender&categories=videos (sometimes search query fails and one has to repeat the search).
mentioned in issue #24458 (moved)
mentioned in issue tpo/network-health/metrics/networkstatusapi#25
