Opened 9 years ago

Closed 9 years ago

#3007 closed defect (not a bug)

NoScript configured to globally allow all scripts

Reported by: HG2G Owned by: erinn
Priority: Very High Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Is the NoScript 'globally allow all scripts' an intentional configuration? If so I would suggest changing to not allowing scripts globally, if not for the obvious, then to prevent Google Analytics tracking:

When NoScipt is set to globally allow all scripts Google Analytics tracking is not blocked; see:
(especially this:)

Child Tickets

Change History (4)

comment:1 Changed 9 years ago by HG2G

Component: Tor BrowserTor bundles/installation
Owner: changed from mikeperry to erinn

comment:2 Changed 9 years ago by HG2G


TBB version 2.2.24-1 alpha, sorry I forgot to mention that in my report!

comment:3 Changed 9 years ago by mikeperry

We're not sure that disabling scripts globally is a good default option for people. We're trying really hard to engineer a default private browsing setup that does not rely on filters or feature breakage, but we may need some browser muscle to help things along:

Can you explain why you believe that this might not be possible? Ie, what is it specifically about Google Analytics that makes you think we can't deal with it by enhancing browser privacy in a general sense?

We provide NoScript mostly for the non-filter features it provides, such as click-to-play for media, webgl and plugins, XSS protection, remote font blockage, and so on. The ability to globally disable JS is also a bonus for the malware and exploit-laden corners of the web, but having JS disabled (or worse, filtered) by default doesn't seem very intuitive for new Tor users.

comment:4 Changed 9 years ago by mikeperry

Resolution: not a bug
Status: newclosed
Note: See TracTickets for help on using tickets.