Opened 5 months ago

Last modified 5 months ago

#29803 new enhancement

Trust Tor Project domain in NoScript when TorButton security level is changed

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: noscript, tbb-security-slider
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Trust *.torproject.org in NoScript for first-party access when the TorButton security level is changed.

I don't know if it's possible to restrict to first-party in NoScript. It is in uMatrix. I don't know if trusting TP's sites by default could aid fingerprinting TB as TB rather than its UserAgent if, for example, a TP resource is embedded in a third-party page. On a related note, IIRC, the blog is hosted by a third-party.

Or always trust TP's onions only? https://onion.torproject.org/ Same unknown but for onion and non-onion third parties.

Child Tickets

Change History (1)

comment:1 Changed 5 months ago by gk

Keywords: tbb-security-slider added
Note: See TracTickets for help on using tickets.